
How are they reading my messages from the hard disk??

(Locked topic, by Goran Mijailovic)

[ Views: 8179 | Replies: 33 ]

superbaka

Member no.: 5290
Posts: 2924

+1298 Profile

Re: How are they reading my messages from the hard disk?? 13.02.2013 at 13:46 - 136 months ago
someone mentioned that he set a password, so nothing will come of that...
 
0

newtesla
Aleksander Segedi
CEO / owner
Tim011 Digital doo
N 44.69344 - E 20.38175

Member no.: 147164
Posts: 1532
178-223-9-10.dynamic.isp.telekom.rs.

Site: www.knjigovodja.in.rs

+404 Profile

Re: How are they reading my messages from the hard disk?? 13.02.2013 at 13:54 - 136 months ago
@IIO:

If you lend us the computer for a few days - behind MikroTiks, Ethereal and Wireshark - we'll find out which e-mail address it sends the logs to - and then we'll let you type him a sweet little log yourself ;)

edit: and who says the program doesn't have an .ini file - or something written in the registry? Why would you need the password to get to the e-mail address it sends the log to?
When, while making Nescafé, instead of taking the milk out of the fridge you actually put the Nes can in there - you realize what a f*cked-up and fiddly business multitasking is :)
 
0

kristi1

Member no.: 151211
Posts: 2012
*.dynamic.isp.telekom.rs.

Site: www.mycity.rs/Ambulanta

+88 Profile

Re: How are they reading my messages from the hard disk?? 13.02.2013 at 14:21 - 136 months ago
During installation of the program the user has to set a password in order to continue the installation.
The program is launched with three keys, ctrl+shift+Q, and then asks for the password that was set during installation. Whoever doesn't know the password has no access to the program.
Most likely he set it up to send him the logs by e-mail, but in any case that no longer matters.

It should be deleted, although Branka copied the script badly (she copied the "Code:" from the code tag), but we'll see when she posts a fresh log.

edit_

If I had had physical access to the computer before the deletion, I would have cracked his password and then I would know which e-mail address and what was being sent; as it is, nothing.
 
0

superbaka

Member no.: 5290
Posts: 2924

+1298 Profile

Re: How are they reading my messages from the hard disk?? 13.02.2013 at 18:01 - 136 months ago
and he hasn't found out by now what Branka has been writing here and doesn't know what's in store for him? :D
 
+7

cyBerManIA
I ovo T ono
Space

Member no.: 25195
Posts: 698
*.ptt.rs.

Site: www.facebook.com/cyberman..

+263 Profile

Re: How are they reading my messages from the hard disk?? 13.02.2013 at 21:07 - 136 months ago

He's probably reading this, unless Kristi's tools removed the logs before it forwarded them to his e-mail.

[This message was edited by Goran Mijailovic on 13.02.2013 at 22:33 GMT+1]
 
0

newtesla
Aleksander Segedi
CEO / owner
Tim011 Digital doo
N 44.69344 - E 20.38175

Member no.: 147164
Posts: 1532
178-223-9-10.dynamic.isp.telekom.rs.

Site: www.knjigovodja.in.rs

+404 Profile

Re: How are they reading my messages from the hard disk?? 13.02.2013 at 21:33 - 136 months ago

...instead of nicely putting a Facebook-like index.html on his own Apache, leasing a static IP, and putting his own IP for facebook.com in etc/hosts - then you could say he's a sheer genius

[This message was edited by Goran Mijailovic on 14.02.2013 at 15:00 GMT+1]
When, while making Nescafé, instead of taking the milk out of the fridge you actually put the Nes can in there - you realize what a f*cked-up and fiddly business multitasking is :)
 
0

technotize
Linux System & Network Administrator

Member no.: 238671
Posts: 215
95.180.90.*

+31 Profile

Re: How are they reading my messages from the hard disk?? 13.02.2013 at 22:53 - 136 months ago
Quote:
superbaka:
and he hasn't found out by now what Branka has been writing here and doesn't know what's in store for him? :D

I also think this is the case, because of that Basp.exe not found, i.e. he saw what was going on and uninstalled the program before she ran the Basp cleanup

I really don't support this, and I'm not very familiar with what's newer on offer on the keylogger/spy scene, but on the other hand it's interesting how much they packed into 850KB. or that's just a demo and the full version is bigger. and it surprised me that it's a domestic program. from the first log, since it said Trace, I thought it was some monitoring program, but it also said that it was made by a company with a domestic name, so I thought it was maybe something of hers for e-banking or similar. but then on Google there are barely any results for those names; if it were something well known and OK, it would have been obvious sooner; and then Google pointed us to the company in question. did they put all their effort into that program, or take the source of some other logger from the net and just translate it and add a few pictures here and there?

in any case, unbelievable... through fb and e-mail she can presumably see when someone logged into her accounts and from which IP addresses, so she can figure out whether it was done from home, from work, ... or maybe he was only reading the logs from that program, without logging into the accounts.

regards
 
0

superbaka

Member no.: 5290
Posts: 2924

+1298 Profile

Re: How are they reading my messages from the hard disk?? 13.02.2013 at 23:17 - 136 months ago
the complete logs don't mean as much to him as getting hold of the passwords so that he can follow both sides of the conversation...
in any case, if he did it once, he'll probably do it again, because being left alone for 2 minutes with a partner's computer is no great feat these days... and that's all he needs to add the KL to the AV program's exclusion list (if she has one at all), and to install and configure the KL... now, which is the greater masochism, not letting the boyfriend out of her sight for a moment while he's at her place, or getting rid of him, is for her to judge...
 
0

kristi1

Member no.: 151211
Posts: 2012
*.dynamic.isp.telekom.rs.

Site: www.mycity.rs/Ambulanta

+88 Profile

Re: How are they reading my messages from the hard disk?? 14.02.2013 at 09:05 - 136 months ago
@iio

Run OTL again and post a fresh log for me so we can definitively check the state.

In any case your computer is running much better, because you had a lot of assorted junk in the system.
And don't forget to change all the passwords on your accounts.
 
0

iio
branka kojic
not working
sombor

Member no.: 265396
Posts: 7
*.dynamic.isp.telekom.rs.

Profile

Re: How are they reading my messages from the hard disk?? 14.02.2013 at 09:55 - 136 months ago
OTL logfile created on: 14.2.2013 10:47:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\Winamp\plugins2\plug
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy

1023,17 Mb Total Physical Memory | 266,66 Mb Available Physical Memory | 26,06% Memory free
2,40 Gb Paging File | 1,77 Gb Available in Paging File | 73,63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 14,38 Gb Free Space | 58,91% Space Free | Partition Type: NTFS
Drive D: | 87,37 Gb Total Space | 67,57 Gb Free Space | 77,34% Space Free | Partition Type: NTFS
Drive E: | 2,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HOME | User Name: Branka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.13 12:20:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Program Files\Winamp\plugins2\plug\OTL.exe
PRC - [2013.02.06 14:35:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008.07.26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.07.26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.13 23:49:00 | 002,054,144 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13021304\algo.dll
MOD - [2013.02.13 11:50:28 | 002,054,144 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13021300\algo.dll
MOD - [2013.02.08 11:01:05 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013.02.06 14:35:33 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.01.02 07:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008.07.26 07:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2013.02.08 11:01:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 14:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008.07.26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.07.26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 17:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2009.07.02 18:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.05 08:16:32 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.06.02 14:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.12 10:25:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.11.24 10:54:12 | 000,495,104 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008.11.12 09:58:38 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.26 16:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 16:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 16:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008.07.26 16:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.07.26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.04.14 13:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007.04.16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results...ms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={...c=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@SmileyCentral_1v.com/Plugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013.01.11 21:24:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.10.15 18:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Extensions
[2013.01.30 12:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions
[2013.01.11 21:18:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.30 12:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\lmmc95yr.default\extensions
[2012.10.15 18:41:26 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Branka\Application Data\Mozilla\Firefox\Profiles\05nfzp1o.default\extensions\[email protected]
[2013.01.30 12:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.06 14:35:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 02:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 02:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7...tall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94CBADAD-D71D-4A14-B912-066C197E0DFC}: NameServer = 192.168.20.254 192.168.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261123~1.78\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Branka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Branka\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.19 15:29:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.08.24 05:10:12 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.14 10:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branka\Desktop\za grupu
[2013.02.06 19:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013.02.06 19:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.06 19:58:04 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.01.31 06:02:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Branka\Start Menu\Programs\Startup-Disabled
[2013.01.30 10:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2013.01.30 10:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Branka\Application Data\GlarySoft
[2013.01.30 10:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities

========== Files - Modified Within 30 Days ==========

[2013.02.14 09:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.14 09:24:05 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.02.14 09:21:31 | 000,002,080 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2013.02.14 09:17:53 | 000,744,531 | -H-- | M] () -- C:\treeinfo.wc
[2013.02.14 09:05:09 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2013.02.14 09:05:05 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express FilesUpdate.job
[2013.02.14 09:04:17 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013.02.14 09:04:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.13 18:23:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.02.13 13:58:02 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Branka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.13 12:39:30 | 000,000,084 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013.02.13 10:11:26 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.12 22:11:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.09 16:38:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.08 11:01:06 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.08 11:01:06 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.06 19:58:08 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013.02.06 13:27:22 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Branka\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013.01.31 12:47:54 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Branka\Desktop\Shortcut to net.lnk
[2013.01.31 05:50:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013.01.29 12:33:05 | 000,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.29 12:33:05 | 000,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.26 04:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll

========== Files Created - No Company Name ==========

[2013.02.13 12:39:30 | 000,000,084 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
[2013.02.06 19:58:08 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013.02.06 13:27:22 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Branka\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013.01.31 12:47:54 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Branka\Desktop\Shortcut to net.lnk
[2013.01.31 05:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013.01.30 10:09:04 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012.12.01 12:46:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.11.29 14:07:59 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
[2012.02.15 14:39:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2011.04.21 11:32:47 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2011.04.21 11:32:47 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2011.04.21 11:32:47 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2011.04.12 17:50:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2011.02.26 13:55:46 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.11.21 15:56:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Branka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010.08.19 23:54:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.08.12 19:33:43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
 
0

kristi1

Member no.: 151211
Posts: 2012
*.dynamic.isp.telekom.rs.

Site: www.mycity.rs/Ambulanta

+88 Profile

Re: How are they reading my messages from the hard disk?? 14.02.2013 at 10:21 - 136 months ago
OK, it's clean.

Run OTL and click CleanUp.

That will delete the OTL tool and everything related to it.

If you have any questions, feel free to ask.

 
0

iio
branka kojic
not working
sombor

Member no.: 265396
Posts: 7
*.dynamic.isp.telekom.rs.

Profile

Re: How are they reading my messages from the hard disk?? 14.02.2013 at 11:14 - 136 months ago
Thank you very much, so now he shouldn't be able to read my messages any more? From time to time I'll run that otv program and whatever God gives. Once again thank you very much, and I'll dfnt devote myself a bit more to the world of computers, I'm going to become a real cyber women :))
 
0

kristi1

Member no.: 151211
Posts: 2012
*.dynamic.isp.telekom.rs.

Site: www.mycity.rs/Ambulanta

+88 Profile

Re: How are they reading my messages from the hard disk?? 14.02.2013 at 11:20 - 136 months ago
Quote:
Thank you very much, so now he shouldn't be able to read my messages any more?

He can't read them any more, it's over. But you have to change your passwords, because he certainly knows them.
 
0

SlobaBgd

Member no.: 70350
Posts: 2348

+5071 Profile

Re: How are they reading my messages from the hard disk?? 14.02.2013 at 11:48 - 136 months ago
Quote:
iio:
From time to time I'll run that otv program and whatever God gives

There's no point in running OTL if you don't know how to read the logs it produces and how to write the scripts for removing the malicious programs OTL has found.
All of that can be learned; ask Kristi where he did his training and try it yourself...
 
+1
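
An illustration of the kind of log reading referred to in the post above, added here as an example; it is not part of the thread and not OTL's own logic. It applies a few review heuristics (assumptions of this example, not verdicts) to lines copied from the log posted earlier, plus one constructed hosts entry modelling the facebook.com redirect described in newtesla's post.

```python
import ipaddress
import ntpath
import re

# Lines copied verbatim from the OTL log posted in this thread.
PAGE_LINES = [
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)",
    r"O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261123~1.78\{16cdf~1\browse~1.dll) - File not found",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"[2013.02.08 11:01:06 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe",
    r"[2013.02.14 09:21:31 | 000,002,080 | ---- | M] () -- C:\WINDOWS\wincmd.ini",
    r"[2013.02.13 12:39:30 | 000,000,084 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat",
    r"@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720",
]

# CONSTRUCTED line (not from the log): a hosts override of a login site,
# using an address from the 203.0.113.0/24 documentation range.
CONSTRUCTED_LINES = [r"O1 - Hosts: 203.0.113.7 www.facebook.com"]

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((.*?)\)")
RUN_RE = re.compile(r"^O4 - (\S+)\\Run: \[(.+?)\] (.+)$")
FILE_RE = re.compile(
    r"^\[[\d. :]+\|[\d, ]+\|[-RHSD ]+\| [CM]\] \(([^()]*)\) -- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")

# Extensions that can run code; a data file without a company name is normal.
RUNNABLE = {".exe", ".dll", ".sys", ".bat", ".cmd", ".vbs", ".scr"}


def triage(lines):
    """Return (rule, detail) pairs that deserve a manual look.

    A finding means "explain this entry", not "this is malware".
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := HOSTS_RE.match(line)):
            addr, name = m.groups()
            try:
                ip = ipaddress.ip_address(addr)
                # Loopback and 0.0.0.0 entries only block or self-reference.
                benign = ip.is_loopback or ip.is_unspecified
            except ValueError:
                benign = False
            if not benign:
                findings.append(("hosts-redirect", f"{name} -> {addr}"))
        elif (m := APPINIT_RE.match(line)):
            # AppInit_DLLs load into most GUI processes, so any value at all
            # is worth explaining, even when the file is already gone.
            if m.group(1).strip():
                state = "orphaned" if "File not found" in line else "present"
                findings.append(("appinit-dll", f"{state}: {m.group(1)}"))
        elif (m := RUN_RE.match(line)):
            name, rest = m.group(2), m.group(3)
            company = COMPANY_RE.search(rest)
            # The trailing parentheses hold the company name OTL printed.
            if "File not found" in rest or not (company and company.group(1).strip()):
                findings.append(("autorun-no-vendor", name))
        elif (m := FILE_RE.match(line)):
            company, path = m.group(1).strip(), m.group(2).strip()
            ext = ntpath.splitext(path)[1].lower()
            if not company and ext in RUNNABLE:
                findings.append(("file-no-vendor", path))
        elif (m := ADS_RE.match(line)):
            findings.append(("ads", f"{m.group(2)} ({m.group(1)} bytes)"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(PAGE_LINES + CONSTRUCTED_LINES):
        print(f"{rule:18} {detail}")
```
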
