[ iio @ 12.02.2013. 11:22 ] @
Hello everyone, I have a question. I don't know how, nor do I really understand computers, but I have a small problem that has become irritating: my boyfriend reads my messages from Fb, mail and Skype, even though he says he doesn't, and yet he knows everything I wrote, who I chatted with and where I went, even though I delete the history in Mozilla. Someone even suggested a program that supposedly deletes everything, but that doesn't help either. I know he reads it from the hard drive, but what irritates me most is that he is convinced nobody knows how and that there is no chance of figuring it out, which I personally think is impossible. I know there is some trick, it just has to be found. If anyone knows more about this, please get in touch. Thanks in advance :)
[ bachi @ 12.02.2013. 11:33 ] @

Find a computer technician to reinstall Windows for you, and change all the passwords for Facebook, email and all the online services you use.


[Off-topic deleted.]

[This message was edited by Goran Mijailovic on 12.02.2013 at 20:18 GMT+1]
[ bakara @ 12.02.2013. 11:53 ] @
I would say your boyfriend knows your passwords.
Change the boyfriend first, and then the passwords.
[ kunc @ 12.02.2013. 12:00 ] @
Quote:
bachi: Find a computer technician to reinstall Windows for you, and change all the passwords for Facebook, email and all the online services you use.


Everything has been said. Your boyfriend has probably installed one of the keyloggers, so he constantly sees who you are in contact with
and reads your conversations the whole time.
Go to a good repair shop, do a reinstall, and the problem is solved.


[Off-topic deleted.]

[This message was edited by Goran Mijailovic on 12.02.2013 at 20:20 GMT+1]
[ Goran Mijailovic @ 12.02.2013. 19:21 ] @
Please stay on topic; this is the Zaštita (Security) forum, not Draga Saveta. The off-topic has been deleted.

Thanks.
[ kristi1 @ 13.02.2013. 08:37 ] @
@iio

Do this:


Download OTL to the desktop: http://oldtimer.geekstogo.com/OTL.exe

Double-click to run OTL;

click Run Scan;

When the scan finishes, the report will open in Notepad.

Copy the OTL.txt log for me.
[ iio @ 13.02.2013. 09:03 ] @
OTL logfile created on: 13.2.2013 9:47:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Branka\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

1023,17 Mb Total Physical Memory | 374,36 Mb Available Physical Memory | 36,59% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 77,60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 14,58 Gb Free Space | 59,73% Space Free | Partition Type: NTFS
Drive D: | 87,37 Gb Total Space | 64,16 Gb Free Space | 73,43% Space Free | Partition Type: NTFS
Drive E: | 2,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: Branka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013.02.13 09:47:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Branka\My Documents\Downloads\OTL.exe
PRC - [2013.02.06 14:35:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.09.16 12:45:30 | 000,712,704 | ---- | M] (UniverzalSoft) -- C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe
PRC - [2008.07.26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.07.26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013.02.12 22:01:27 | 002,053,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13021201\algo.dll
MOD - [2013.02.08 11:01:05 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013.02.06 14:35:33 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2013.01.31 12:10:04 | 002,231,248 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2008.07.26 07:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2013.02.08 11:01:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2013.01.08 14:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008.07.26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.07.26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 17:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2009.07.02 18:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.05 08:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.06.02 14:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.12 10:25:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.11.24 10:54:12 | 000,495,104 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008.11.12 09:58:38 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 16:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008.07.26 16:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.07.26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.04.14 13:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007.04.16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results...ms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?aff...a0bf92000000000000001485ca23d8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?aff...a0bf92000000000000001485ca23d8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={...c=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={...a0bf92000000000000001485ca23d8
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redir...ms}&locale=&apn_ptnrs=^RY&apn_dtid=^YYYYYY^V2^RS&apn_uid=383823f8-d898-450e-bd58-14f538abf91a&apn_sauid=99050740-A087-4304-9F75-317E4A5A61BB
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/...sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q...ourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={SearchTerms}
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/Resu...rchSource=4&ctid=CT2405280
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@SmileyCentral_1v.com/Plugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013.01.11 21:24:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.10.15 18:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Extensions
[2013.01.30 12:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions
[2013.01.11 21:18:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.30 12:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\lmmc95yr.default\extensions
[2012.10.15 18:41:26 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions\[email protected]
[2012.11.22 13:27:38 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\searchplugins\askcom.xml
[2012.12.11 08:59:25 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\searchplugins\WebSearch.xml
[2013.01.30 12:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.06 14:35:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Basp] C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe (UniverzalSoft)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7...tall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94CBADAD-D71D-4A14-B912-066C197E0DFC}: NameServer = 192.168.20.254 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261123~1.78\{16cdf~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Branka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Branka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.19 15:29:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.24 05:10:12 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013.02.06 19:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013.02.06 19:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.06 19:58:04 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.01.31 06:02:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Branka\Start Menu\Programs\Startup-Disabled
[2013.01.30 10:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\GameTap Web Player
[2013.01.30 10:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2013.01.30 10:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2013.01.30 10:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branka\Application Data\GlarySoft
[2013.01.30 10:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013.02.13 09:40:40 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.02.13 09:39:29 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2013.02.13 09:39:22 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2013.02.13 09:38:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.13 09:38:57 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013.02.13 05:58:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.13 05:51:46 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.12 22:11:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.10 11:13:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.02.10 11:13:02 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\Branka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.09 16:38:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.08 11:01:06 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.08 11:01:06 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.06 19:58:08 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013.02.06 13:27:22 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Branka\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013.02.02 07:37:16 | 000,002,100 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2013.01.31 12:47:54 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Branka\Desktop\Shortcut to net.lnk
[2013.01.31 05:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013.01.29 12:33:05 | 000,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.29 12:33:05 | 000,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.26 04:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013.02.06 19:58:08 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013.02.06 13:27:22 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Branka\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013.01.31 12:47:54 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Branka\Desktop\Shortcut to net.lnk
[2013.01.31 05:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013.01.30 10:09:04 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012.12.01 12:46:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.11.29 14:07:59 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
[2012.02.15 14:39:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2011.04.21 11:32:47 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2011.04.21 11:32:47 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2011.04.21 11:32:47 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2011.04.12 17:50:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2011.02.26 13:55:46 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.11.21 15:56:25 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Branka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2010.08.19 23:54:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.08.12 19:33:43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
I ran that program and it gave me this. Now, whether I look at this or at a wall, it's the same to me. Oh, the misery when you want to know something and you don't. So I'm continuing with curiosity, googling and education, and hopefully something will come of it :)
[ kristi1 @ 13.02.2013. 10:05 ] @
Run OTL.

In the white box of the window where it says Custom Scans/Fixes, copy the following text:

Code:
:OTL
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?aff...a0bf92000000000000001485ca23d8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?aff...a0bf92000000000000001485ca23d8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={...a0bf92000000000000001485ca23d8
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redir...ms}&locale=&apn_ptnrs=^RY&apn_dtid=^YYYYYY^V2^RS&apn_uid=383823f8-d898-450e-bd58-14f538abf91a&apn_sauid=99050740-A087-4304-9F75-317E4A5A61BB
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/...sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q...ourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={SearchTerms}
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/Resu...rchSource=4&ctid=CT2405280
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.mocaflix.com/?l=1&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O33 - MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found

:commands
[CREATERESTOREPOINT]
[emptytemp]


Click the Run Fix button;

Copy the log you get into a post here.

Step 2.

Download AdwCleaner to your desktop from the link below:
http://general-changelog-team....-outils-de-xplode/2-adwcleaner

Run the program and click the Delete tab.

Every click after that is OK until the computer restarts.

After the restart a report will open in Notepad; post it here for review.
[ djoka_l @ 13.02.2013. 10:10 ] @
Hmm, and there is also C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe started.
I'd say that's a keylogger.
[ kristi1 @ 13.02.2013. 10:22 ] @
Damn, is it possible I didn't include it, tsk tsk

That's what happens when people keep calling your mobile while you're reading a log; you can't do both :D

OK, we'll take care of it in the second pass.






Branka, do the following:

Download the SystemLook program from this or this link to your Desktop;

- Double-click SystemLook to run it;

- Copy the following text into the white box:

Code:

:file 
C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe

- Click the Look button;

- When the program finishes, attach the SystemLook.txt file, which will be on your Desktop, to your post using the Prikači Fajl (Attach File) option.
[ agasoft @ 13.02.2013. 10:36 ] @
Ahaaa,
Look at the boyfriend; while googling I came across basp pro, home-grown ingenuity, it seems...
I won't advertise it here...
[ kristi1 @ 13.02.2013. 11:35 ] @
Here's how things stand: it is a keylogger, your boyfriend was spying on you.

Ignore the previous post and do the following:

Run OTL

Copy the following text into the white box under Custom Scans/Fixes:

Code:



:OTL
PRC - [2010.09.16 12:45:30 | 000,712,704 | ---- | M] (UniverzalSoft) -- C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe
O4 - HKLM..\Run: [Basp] C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe (UniverzalSoft)

:commands
[emptytemp]


Click the Run Fix button;

Copy the log you get into a post here.

Run both the first fix and this second one.

Here is what the program looks like

There is an uninstall option, but he set a password, so you are not able to do that.




https://www.virustotal.com/sr/...216592b8d38756f13db8/analysis/






Important!!!

After this cleanup, be sure to change all your passwords on every messenger, FB, Skype, mail ... he was spying on you everywhere.
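
An added example, not from the original posts or from OTL: a Python triage pass over the `PRC` and `O4` lines of an OTL scan log that flags Run-key images located inside a user profile and notes whether the same image is running, the combination that stands out for Basp.exe in this thread. The function names are hypothetical, the line formats are taken from the logs quoted here, and the rule is a heuristic that also matches legitimate per-user software.

```python
import ntpath
import re

# Sample assembled from PRC and O4 lines that appear in the OTL logs in this thread.
SAMPLE_LOG = r"""
PRC - [2013.02.06 14:35:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.16 12:45:30 | 000,712,704 | ---- | M] (UniverzalSoft) -- C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Basp] C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe (UniverzalSoft)
"""

# PRC - [mtime | size | attrs | M] (company) -- image path
PRC_RE = re.compile(
    r"^PRC - \[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| \S{4} \| \w\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$")
# O4 - HKLM..\Run: [value name] image path (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")
# Per-user directory trees (XP layout and the later C:\Users layout).
PROFILE_RE = re.compile(r"^[a-z]:\\(documents and settings|users)\\[^\\]+\\")


def parse_otl(log_text):
    """Return (processes, run_entries) parsed from PRC and O4 Run lines."""
    procs, runs = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = PRC_RE.match(line)
        if m:
            procs.append(m.groupdict())
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
    return procs, runs


def in_profile(path):
    """True when the image sits under a user profile directory."""
    return bool(PROFILE_RE.match(ntpath.normcase(path)))


def triage(log_text):
    """Flag images that start from a user profile. Heuristic, not a verdict."""
    procs, runs = parse_otl(log_text)
    # normcase makes the comparison case-insensitive (avastUI.exe vs AvastUI.exe).
    running = {ntpath.normcase(p["path"]) for p in procs}
    autostart = {ntpath.normcase(r["path"]) for r in runs}
    findings = []
    for r in runs:
        if not in_profile(r["path"]):
            continue
        reasons = ["Run-key image is inside a user profile"]
        if ntpath.normcase(r["path"]) in running:
            reasons.append("same image is currently running")
        findings.append({"source": f'{r["hive"]} Run [{r["name"]}]',
                         "path": r["path"], "company": r["company"],
                         "reasons": reasons})
    for p in procs:
        if in_profile(p["path"]) and ntpath.normcase(p["path"]) not in autostart:
            findings.append({"source": "process", "path": p["path"],
                             "company": p["company"],
                             "reasons": ["running from a user profile, no Run-key entry seen"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["source"], "|", f["path"], "|", f["company"], "|", "; ".join(f["reasons"]))
```

A flagged entry is a prompt to check the file's origin and publisher, as was done here with the VirusTotal lookup; tools started from a download folder are flagged the same way.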


[ iio @ 13.02.2013. 11:38 ] @
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B63A8D6-BBED-4341-8867-790E5F524C96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngin0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3bcd436-abab-11df-a0b0-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3bcd436-abab-11df-a0b0-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3bcd436-abab-11df-a0b0-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3bcd436-abab-11df-a0b0-806d6172696f}\ not found.
File E:\DVDSetup.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Branka
->Temp folder emptied: 1041738 bytes
->Temporary Internet Files folder emptied: 429169 bytes
->Java cache emptied: 32643 bytes
->FireFox cache emptied: 70632637 bytes
->Flash cache emptied: 506 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115300 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 19705 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 139668 bytes

Total Files Cleaned = 72,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02132013_122933

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
I got this, and afterwards, when I clicked that run fix, my computer restarted by itself. Now I'll download that adw cleaner program and follow the instructions :) Guys, thanks to you I'll end up becoming a hacker too :))
[ kristi1 @ 13.02.2013. 11:42 ] @
Do this second fix first, then run AdwCleaner afterwards.

Hacker, my foot; he sat down at your computer and installed a keylogger, and he can be held criminally liable for that.
[ iio @ 13.02.2013. 12:07 ] @
All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
No active process named Basp.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Basp not found.
File C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Branka
->Temp folder emptied: 641722 bytes
->Temporary Internet Files folder emptied: 33175 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2286671 bytes
->Flash cache emptied: 492 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109792 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02132013_125913

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
I did that second step too, the computer restarted by itself, and now I'll run that adw cleaner and we'll see what happens.
[ iio @ 13.02.2013. 12:22 ] @
Me again :) I'll try not to bother you with questions any more, especially Kristi 1. I don't know how, I did everything, but I didn't get to that basp pro program; my Mozilla is different now, though, i.e. normal, the way it should be. I think I can change my passwords now; if it didn't work, I'll find out soon enough ;)
[ kristi1 @ 13.02.2013. 12:36 ] @
Wait, we're not finished yet.

Run OTL again, click Run Scan and post a fresh log so I can do a final review.
[ newtesla @ 13.02.2013. 12:43 ] @
Perhaps the smartest thing, to start with, is to go to some VERY VERY TRUSTED friend, and:

-change your passwords
-turn on FB authorization via phone/SMS (as soon as you try to log in, you get an SMS with an additional code, and FB asks for that code to continue)
-turn on Gmail two-step authorization.

And until further notice, use FB only from your mobile.

=====

I'll try to avoid off-topic and Draga Saveta, but: what your =whatever his status is= did is a criminal offence!!! I would advise you to report him to the police after all. Still, the decision is yours, but think of the people around him too, and his potential future girlfriends.
[ bakara @ 13.02.2013. 13:32 ] @
Wow, look what you dug up for the girl... who would have expected things to turn out like this.

And the boyfriend is utterly shameless.
[ plague @ 13.02.2013. 13:41 ] @
Given that it probably sends the log file by mail, wouldn't it be interesting to see what the login info is? There's a chance he didn't create a new mailbox but sends it to himself. :D

Of course, I don't recommend logging in to his mail, because that is just as illegal as his spying.

Edit:typo

[This post was edited by plague on 13.02.2013. at 15:14 GMT+1]
[ superbaka @ 13.02.2013. 13:46 ] @
someone mentioned that he set a password, so nothing will come of that...
[ newtesla @ 13.02.2013. 13:54 ] @
@IIO:

If you lend us the computer for a few days - behind MikroTiks, Ethereal and Wireshark - we'll find out which e-mail address it sends the logs to - and then we'll let you type him a sweet little log yourself ;)

edit: and who says the program doesn't have an .ini file - or something written to the registry? Why would you need the password to get to the e-mail address it sends the log to?
[ kristi1 @ 13.02.2013. 14:21 ] @
During installation of the program the user has to set a password in order to continue the installation.
The program is opened with three keys, ctrl+shift+Q, and then asks for the password that was set during installation. Anyone who doesn't know the password has no access to the program.
Most likely he set it up to send him the logs by mail, but in any case that no longer matters.

It should be deleted, although Branka copied the script incorrectly (she copied Code: from the code tag), but we'll see when she posts a fresh log.

edit_

If I had had physical access to the computer before the deletion, I would have cracked his password and then I would know which e-mail address and what was sent; as it is, nothing.
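
An added illustration, not part of the original posts and not OTL's own code: a Python sketch that reads a Run Fix log like the ones posted above and reports, for a given target, whether the fix removed it, deferred it to reboot, or found it already gone, and lists any pasted text OTL could not interpret (such as the stray `Code:` label). The rule patterns are inferred only from the log lines in this thread; `classify` and `assess` are hypothetical names.

```python
import re

# Sample assembled from lines of the two Run Fix logs posted in this thread.
FIX_LOG = r"""
All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
No active process named Basp.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Basp not found.
File C:\Documents and Settings\Branka\Tracing\Basp\Basp.exe not found.
C:\Program Files\ConduitEngine\ConduitEngin0.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
========== COMMANDS ==========
"""

# Ordered rules: the first pattern that matches a line decides its status.
RULES = [
    ("script_error", re.compile(r"^Error: Unable to interpret <(?P<item>.+?)> ")),
    ("pending_reboot", re.compile(
        r"^(?:Registry delete|File move) failed\. (?P<item>.+?) "
        r"scheduled to be (?:deleted|moved) on reboot\.$")),
    ("absent", re.compile(r"^No active process named (?P<item>.+?) was found!$")),
    ("absent", re.compile(
        r"^(?:Registry (?:key|value) |File(?:\\Folder)? )?(?P<item>.+?) not found[.!]$")),
    ("changed", re.compile(
        r"^(?:Registry (?:key|value) )?(?P<item>.+?) (?:deleted|moved) successfully\.$")),
    ("changed", re.compile(r"^(?P<item>.+?)\| /E : value set successfully!$")),
]


def classify(log_text):
    """Return (status, item) for every result line that a rule recognises."""
    results = []
    for line in log_text.splitlines():
        line = line.strip()
        for status, rx in RULES:
            m = rx.match(line)
            if m:
                results.append((status, m.group("item")))
                break
    return results


def assess(log_text, target):
    """Summarise what the fix log shows about entries that mention `target`."""
    rows = classify(log_text)
    hits = [(s, i) for s, i in rows if s != "script_error" and target.lower() in i.lower()]
    statuses = {s for s, _ in hits}
    if not hits:
        verdict = "not addressed by this fix"
    elif statuses == {"absent"}:
        # Nothing was deleted: the items were gone before the fix ran,
        # so this log does not show when or how they were removed.
        verdict = "already absent when the fix ran"
    elif "pending_reboot" in statuses:
        verdict = "removal pending reboot; rescan afterwards"
    else:
        verdict = "removed by this fix"
    return {"target": target, "hits": hits, "verdict": verdict,
            "script_errors": [i for s, i in rows if s == "script_error"]}


if __name__ == "__main__":
    for name in ("Basp", "ConduitEngin0.dll", "D0F4A166"):
        report = assess(FIX_LOG, name)
        print(name, "->", report["verdict"], "| uninterpreted:", report["script_errors"])
```

An "already absent" verdict is why a fresh scan is requested: the fix log alone cannot confirm that nothing else of the program remains.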
[ superbaka @ 13.02.2013. 18:01 ] @
and he hasn't found out by now what Branka has been writing here, and doesn't know what's coming his way? :D
[ cyBerManIA @ 13.02.2013. 21:07 ] @

He's probably reading this, unless Kristi's tools removed the logs before it forwarded them to his mail.

[This post was edited by Goran Mijailovic on 13.02.2013. at 22:33 GMT+1]
[ newtesla @ 13.02.2013. 21:33 ] @


...instead of nicely putting a Facebook-like index.html on his own Apache, renting a static IP, and putting his IP for facebook.com into etc/hosts - then you could say he's a pure genius



[This post was edited by Goran Mijailovic on 14.02.2013. at 15:00 GMT+1]
[ technotize @ 13.02.2013. 22:53 ] @
Quote:
superbaka:
and he hasn't found out by now what Branka has been writing here, and doesn't know what's coming his way? :D

i also think this is the case, because of that Basp.exe not found, i.e. he saw what was happening and uninstalled the program before she started the Basp cleanup

i really don't support this, and i'm not very familiar with what's new on offer on the keylogger/spy scene, but on the other hand it's interesting how much they packed into 850KB. or that's just a demo and the full version is bigger. and it surprised me that it's a domestic program. from the first log, since it said Trace, i thought it was some monitoring program, but it also said it was made by a company with a domestic name, so i thought it might be something of hers for e-banking or similar. but then there are hardly any results on Google for those names; if it were something well known and ok it would have been obvious sooner, and then Google pointed us to the company in question. did they put all their own effort into that program, or did they take the source of some other logger from the net and just translate it and drop in a picture here and there?

in any case, unbelievable... through fb and mail she can presumably see when someone logged in to her accounts and from which IP addresses, so she can work out whether it was done from home, from work, ... or maybe he only read the logs from that program, without logging in to the accounts.

cheers
[ superbaka @ 13.02.2013. 23:17 ] @
the complete logs don't mean as much to him as getting hold of the passwords so he can follow both sides of the conversation...
in any case, if he did it once he will probably do it again, because being alone with a partner's computer for 2 minutes is no great feat these days... and that's all he needs to add the KL to the excluded objects in the AV program (if she has one at all), and to install and configure the KL... now, which is the greater masochism, not letting the boyfriend out of her sight for a moment while he's at her place, or getting rid of him, is for her to judge...
[ kristi1 @ 14.02.2013. 09:05 ] @
@iio

Run OTL again and post a fresh log so we can check the state for good.

In any case your computer is running much better, because you had a lot of assorted junk on the system.
And don't forget to change all the passwords on your accounts.
[ iio @ 14.02.2013. 09:55 ] @
OTL logfile created on: 14.2.2013 10:47:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\Winamp\plugins2\plug
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

1023,17 Mb Total Physical Memory | 266,66 Mb Available Physical Memory | 26,06% Memory free
2,40 Gb Paging File | 1,77 Gb Available in Paging File | 73,63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 14,38 Gb Free Space | 58,91% Space Free | Partition Type: NTFS
Drive D: | 87,37 Gb Total Space | 67,57 Gb Free Space | 77,34% Space Free | Partition Type: NTFS
Drive E: | 2,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: Branka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013.02.13 12:20:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Program Files\Winamp\plugins2\plug\OTL.exe
PRC - [2013.02.06 14:35:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008.07.26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.07.26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013.02.13 23:49:00 | 002,054,144 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13021304\algo.dll
MOD - [2013.02.13 11:50:28 | 002,054,144 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13021300\algo.dll
MOD - [2013.02.08 11:01:05 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013.02.06 14:35:33 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.01.02 07:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008.07.26 07:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2013.02.08 11:01:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 14:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008.07.26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.07.26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 17:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2009.07.02 18:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.05 08:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.06.02 14:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.12 10:25:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.11.24 10:54:12 | 000,495,104 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008.11.12 09:58:38 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 16:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008.07.26 16:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.07.26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.04.14 13:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007.04.16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results...ms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={...c=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@SmileyCentral_1v.com/Plugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013.01.11 21:24:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.10.15 18:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Extensions
[2013.01.30 12:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions
[2013.01.11 21:18:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.30 12:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\lmmc95yr.default\extensions
[2012.10.15 18:41:26 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions\[email protected]
[2013.01.30 12:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.06 14:35:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7...tall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94CBADAD-D71D-4A14-B912-066C197E0DFC}: NameServer = 192.168.20.254 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261123~1.78\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Branka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Branka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.19 15:29:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.24 05:10:12 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013.02.14 10:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branka\Desktop\za grupu
[2013.02.06 19:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013.02.06 19:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.06 19:58:04 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.01.31 06:02:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Branka\Start Menu\Programs\Startup-Disabled
[2013.01.30 10:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2013.01.30 10:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branka\Application Data\GlarySoft
[2013.01.30 10:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013.02.14 09:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.14 09:24:05 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.02.14 09:21:31 | 000,002,080 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2013.02.14 09:17:53 | 000,744,531 | -H-- | M] () -- C:\treeinfo.wc
[2013.02.14 09:05:09 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2013.02.14 09:05:05 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2013.02.14 09:04:17 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013.02.14 09:04:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.13 18:23:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.02.13 13:58:02 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Branka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.13 12:39:30 | 000,000,084 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013.02.13 10:11:26 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.12 22:11:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.09 16:38:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.08 11:01:06 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.08 11:01:06 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.06 19:58:08 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013.02.06 13:27:22 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Branka\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013.01.31 12:47:54 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Branka\Desktop\Shortcut to net.lnk
[2013.01.31 05:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013.01.29 12:33:05 | 000,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.29 12:33:05 | 000,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.26 04:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013.02.13 12:39:30 | 000,000,084 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013.02.06 19:58:08 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013.02.06 13:27:22 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Branka\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013.01.31 12:47:54 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Branka\Desktop\Shortcut to net.lnk
[2013.01.31 05:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013.01.30 10:09:04 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012.12.01 12:46:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.11.29 14:07:59 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
[2012.02.15 14:39:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2011.04.21 11:32:47 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2011.04.21 11:32:47 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2011.04.21 11:32:47 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2011.04.12 17:50:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2011.02.26 13:55:46 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.11.21 15:56:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Branka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2010.08.19 23:54:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.08.12 19:33:43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
[ kristi1 @ 14.02.2013. 10:21 ] @
OK, it's clean.

Run OTL and click CleanUp.

This will delete the OTL tool and everything related to it.


If you have any questions, feel free to ask.

[ iio @ 14.02.2013. 11:14 ] @
Thank you very much. So now he shouldn't be able to read my messages anymore? From time to time I'll run that otv program and we'll see what happens. Once again, thank you very much, and I'll definitely devote a bit more time to the world of computers; I'm going to become a real cyber woman :))
[ kristi1 @ 14.02.2013. 11:20 ] @
Quote:
Thank you very much. So now he shouldn't be able to read my messages anymore?


He can't read them anymore, it's over. But you have to change your passwords, because he certainly knows them.
[ SlobaBgd @ 14.02.2013. 11:48 ] @
Quote:
iio:
From time to time I'll run that otv program and we'll see what happens

There's no point in running OTL if you don't know how to read the logs it produces and how to write the scripts for removing the malicious programs that OTL has found.
All of that can be learned; ask Kristi where he got his training and then try it yourself...