Any problems? [Windows Server 2003 64bit]



I was using Windows Firewall, since I couldn't install any other firewall on 64-bit Windows. I know it's no good, but what can I do, so I never even asked for help.
Yesterday I installed Outpost Firewall PRO 64bit and checked the computer with Ad-Aware SE Professional. It found a couple of things, which I deleted. After a new scan, nothing; everything seems fine, although the computer runs slower. Could something have been left undeleted?
I also checked the computer with the NOD32 antivirus, which likewise found nothing.

Logfile of HijackThis v1.99.1
Scan saved at 15:01:18, on 03.05.2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\Program Files (x86)\Eset\nod32kui.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Eset\nod32krn.exe
C:\Program Files (x86)\Agnitum\Outpost Firewall\outpost.exe
D:\Shared\Software\BitTorrent Clients\uTorrent\utorrent 1.6.exe
C:\Program Files (x86)\ApexDC++\ApexDC.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\FoxyTunes\ForInternetExplorer\FoxyTunesEngine.exe
C:\Documents and Settings\Administrator\Desktop\T3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files (x86)\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: ExtraTorrent Toolbar - {3DA353C2-FE7F-428C-B494-791DCDAF516E} - C:\PROGRA~2\EXTRAT~1\EXTRAT~1.DLL
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files (x86)\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files (x86)\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files (x86)\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O20 - AppInit_DLLs: C:\PROGRA~2\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files (x86)\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

The internet connection speed is 256 kbps.

From what I can see, there is nothing suspicious in the log. A computer can slow down for a million reasons; it doesn't have to be the result of malware.

What exactly did Ad-Aware detect?
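As an added illustration (not code from this thread or from HijackThis), here is a small Python triage that ranks HijackThis lines for review, the way the reply above reads the log, and diffs two logs of the same machine. The sample logs are constructed subsets of the log posted above and of a later HijackThis 2.0 log; the O15 host is a placeholder. The WOW64 rule encodes why a 32-bit HijackThis on 64-bit Windows reports native system services as "(file missing)".

```python
import re

# Constructed sample: a subset of the HijackThis 1.99.1 log posted in the thread.
LOG_V1 = r"""
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ExtraTorrent Toolbar - {3DA353C2-FE7F-428C-B494-791DCDAF516E} - C:\PROGRA~2\EXTRAT~1\EXTRAT~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
"""

# Constructed sample: a subset of a later HijackThis 2.0 log; the O15 host is a placeholder.
LOG_V2 = r"""
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ExtraTorrent Toolbar - {3DA353C2-FE7F-428C-B494-791DCDAF516E} - C:\PROGRA~2\EXTRAT~1\EXTRAT~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O15 - ESC Trusted Zone: trusted-host.example
O20 - AppInit_DLLs: C:\PROGRA~2\Agnitum\OUTPOS~1\wl_hook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
"""

LINE_RE = re.compile(r"^(?P<sec>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.+)$")

def parse_hjt(text):
    """Split a HijackThis log into its platform line and (section, body) entries."""
    platform, entries = "", []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Platform: "):
            platform = line[len("Platform: "):]
        elif (m := LINE_RE.match(line)):
            entries.append((m["sec"], m["body"]))
    return platform, entries

def triage(text):
    """Rank entries for human review as (severity, reason, body) triples.
    This only orders what to look at; it does not declare anything malicious."""
    # The platform line never says x64; the (x86) and SysWOW64 paths give it away.
    x64 = "Program Files (x86)" in text or "SysWOW64" in text
    findings = []
    for sec, body in parse_hjt(text)[1]:
        if sec == "O23" and body.endswith("(file missing)"):
            if x64 and "\\WINDOWS\\" in body.upper():
                # A 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64,
                # so native system services under \WINDOWS look missing to it.
                findings.append(("info", "WOW64 redirection artifact, not a missing binary", body))
            else:
                findings.append(("check", "service binary missing: orphaned entry or hidden file", body))
        elif sec == "O3" and body.endswith("(no file)"):
            findings.append(("low", "orphaned toolbar registration", body))
        elif sec in ("O2", "O3") and "(no name)" in body:
            findings.append(("check", "unnamed BHO/toolbar: resolve the CLSID and path first", body))
        elif sec == "O10":
            findings.append(("check", "Winsock LSP sees all socket traffic; verify the vendor", body))
        elif sec == "O20" and body.startswith("AppInit_DLLs"):
            findings.append(("check", "AppInit_DLLs is loaded into every user32 process", body))
    return findings

def diff_logs(old_text, new_text):
    """Entries that appeared or vanished between two logs of the same machine."""
    old, new = set(parse_hjt(old_text)[1]), set(parse_hjt(new_text)[1])
    return sorted(new - old), sorted(old - new)

if __name__ == "__main__":
    for sev, why, body in triage(LOG_V1):
        print(f"[{sev}] {why}: {body}")
    added, removed = diff_logs(LOG_V1, LOG_V2)
    print("added:", added)
    print("removed:", removed)
```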

It detected the following:

Ad-Aware SE Statistics 04.05.2007 0:00:58
TAC Rating Total Found Total Removed Last Detected
WhenU.SaveNow 2 1 02.05.2007
WhenU.WeatherCast 1 0 02.05.2007
Possible Browser Hijack attempt 3 1 02.05.2007
MRU List 60 0 02.05.2007
Win32.Backdoor.PcClient 2 2 02.05.2007

I hope that's what you were asking for.

As for the computer slowing down, what matters to me is knowing that it isn't caused by malware, because then I could rule out that possibility (and that's where I need you).
Once I know it isn't that, I'll manage on my own, as best I know how, to speed things up a little.


Still, there is something suspicious in this log and in the Ad-Aware report. I was advised to direct you to the following step.

Download the file from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will save it to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Paste the contents of those two files we just saved here for us.

First, let me apologize that it took me three days to reply; I had a lot of obligations, though I know that doesn't excuse me. It's my fault.

I downloaded the file, which on startup shows: "Gmer device: The system cannot find the file specified." The program starts anyway, though. I don't know if it matters; I mention it just in case.

Rootkit tab:

GMER - [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2007-05-08 12:13:54
Windows 5.2.3790 Service Pack 2

---- Kernel code sections - GMER 1.0.12 ----

? \WINDOWS\system32\ntoskrnl.exe The system cannot find the file specified.
? \WINDOWS\system32\hal.dll The system cannot find the file specified.
? \WINDOWS\system32\KDCOM.DLL The system cannot find the file specified.
? \WINDOWS\system32\BOOTVID.dll The system cannot find the file specified.
? sptd.sys The system cannot find the file specified.
? \WINDOWS\System32\Drivers\WMILIB.SYS The system cannot find the file specified.
? \WINDOWS\System32\Drivers\SCSIPORT.SYS The system cannot find the file specified.
? ACPI.sys The system cannot find the file specified.
? pci.sys The system cannot find the file specified.
? ohci1394.sys The system cannot find the file specified.
? \WINDOWS\system32\DRIVERS\1394BUS.SYS The system cannot find the file specified.
? isapnp.sys The system cannot find the file specified.
? pciide.sys The system cannot find the file specified.
? \WINDOWS\system32\DRIVERS\PCIIDEX.SYS The system cannot find the file specified.
? MountMgr.sys The system cannot find the file specified.
? ftdisk.sys The system cannot find the file specified.
? dmload.sys The system cannot find the file specified.
? dmio.sys The system cannot find the file specified.
? volsnap.sys The system cannot find the file specified.
? PartMgr.sys The system cannot find the file specified.
? atapi.sys The system cannot find the file specified.
? nvatabus.sys The system cannot find the file specified.
? Si3114r5.sys The system cannot find the file specified.
? SI3114R.sys The system cannot find the file specified.
? disk.sys The system cannot find the file specified.
? \WINDOWS\system32\DRIVERS\CLASSPNP.SYS The system cannot find the file specified.
? fltmgr.sys The system cannot find the file specified.
? sr.sys The system cannot find the file specified.
? SiWinAcc.sys The system cannot find the file specified.
? PxHlpa64.sys The system cannot find the file specified.
? KSecDD.sys The system cannot find the file specified.
? Ntfs.sys The system cannot find the file specified.
? NDIS.sys The system cannot find the file specified.
? nv_agp.sys The system cannot find the file specified.
? SiRemFil.sys The system cannot find the file specified.
? Mup.sys The system cannot find the file specified.
? crcdisk.sys The system cannot find the file specified.
? system32\DRIVERS\nic1394.sys The system cannot find the file specified.
? system32\DRIVERS\fdc.sys The system cannot find the file specified.
? system32\drivers\msmpu401.sys The system cannot find the file specified.
? system32\drivers\portcls.sys The system cannot find the file specified.
? system32\drivers\ks.sys The system cannot find the file specified.
? system32\drivers\ksthunk.sys The system cannot find the file specified.
? system32\DRIVERS\i8042prt.sys The system cannot find the file specified.
? system32\DRIVERS\kbdclass.sys The system cannot find the file specified.
? system32\DRIVERS\serial.sys The system cannot find the file specified.
? system32\DRIVERS\serenum.sys The system cannot find the file specified.
? system32\DRIVERS\usbohci.sys The system cannot find the file specified.
? system32\DRIVERS\USBPORT.SYS The system cannot find the file specified.
? system32\DRIVERS\usbehci.sys The system cannot find the file specified.
? system32\DRIVERS\nvnetbus.sys The system cannot find the file specified.
? system32\DRIVERS\NVNRM.SYS The system cannot find the file specified.
? system32\DRIVERS\NVSNPU.SYS The system cannot find the file specified.
? system32\drivers\ALCWDM64.SYS The system cannot find the file specified.
? system32\DRIVERS\imapi.sys The system cannot find the file specified.
? system32\DRIVERS\cdrom.sys The system cannot find the file specified.
? system32\DRIVERS\redbook.sys The system cannot find the file specified.
? system32\DRIVERS\nv4_mini.sys The system cannot find the file specified.
? system32\DRIVERS\VIDEOPRT.SYS The system cannot find the file specified.
? system32\DRIVERS\watchdog.sys The system cannot find the file specified.
? system32\DRIVERS\SkyNET_AMD64.SYS The system cannot find the file specified.
? system32\DRIVERS\ltmdm64.sys The system cannot find the file specified.
? System32\Drivers\Modem.SYS The system cannot find the file specified.
? System32\Drivers\af2s1zji.SYS The system cannot find the file specified.
? system32\DRIVERS\amdk8.sys The system cannot find the file specified.
? system32\DRIVERS\audstub.sys The system cannot find the file specified.
? system32\DRIVERS\rasl2tp.sys The system cannot find the file specified.
? system32\DRIVERS\ndistapi.sys The system cannot find the file specified.
? system32\DRIVERS\ndiswan.sys The system cannot find the file specified.
? system32\DRIVERS\raspppoe.sys The system cannot find the file specified.
? system32\DRIVERS\raspptp.sys The system cannot find the file specified.
? system32\DRIVERS\TDI.SYS The system cannot find the file specified.
? system32\DRIVERS\psched.sys The system cannot find the file specified.
? system32\DRIVERS\msgpc.sys The system cannot find the file specified.
? system32\DRIVERS\ptilink.sys The system cannot find the file specified.
? system32\DRIVERS\raspti.sys The system cannot find the file specified.
? system32\DRIVERS\rdpdr.sys The system cannot find the file specified.
? system32\DRIVERS\termdd.sys The system cannot find the file specified.
? system32\DRIVERS\mouclass.sys The system cannot find the file specified.
? system32\DRIVERS\swenum.sys The system cannot find the file specified.
? system32\DRIVERS\update.sys The system cannot find the file specified.
? system32\DRIVERS\mssmbios.sys The system cannot find the file specified.
? System32\Drivers\NDProxy.SYS The system cannot find the file specified.
? system32\DRIVERS\usbhub.sys The system cannot find the file specified.
? system32\DRIVERS\USBD.SYS The system cannot find the file specified.
? system32\DRIVERS\NVENETFD.sys The system cannot find the file specified.
? system32\DRIVERS\flpydisk.sys The system cannot find the file specified.
? System32\Drivers\Fs_Rec.SYS The system cannot find the file specified.
? System32\Drivers\Null.SYS The system cannot find the file specified.
? System32\Drivers\Beep.SYS The system cannot find the file specified.
? System32\drivers\vga.sys The system cannot find the file specified.
? System32\Drivers\mnmdd.SYS The system cannot find the file specified.
? System32\DRIVERS\RDPCDD.sys The system cannot find the file specified.
? System32\Drivers\Msfs.SYS The system cannot find the file specified.
? System32\Drivers\Npfs.SYS The system cannot find the file specified.
? system32\DRIVERS\rasacd.sys The system cannot find the file specified.
? system32\DRIVERS\ipsec.sys The system cannot find the file specified.
? system32\DRIVERS\tcpip.sys The system cannot find the file specified.
? system32\DRIVERS\ipnat.sys The system cannot find the file specified.
? system32\DRIVERS\ipfltdrv.sys The system cannot find the file specified.
? system32\DRIVERS\netbt.sys The system cannot find the file specified.
? System32\drivers\ws2ifsl.sys The system cannot find the file specified.
? System32\drivers\afd.sys The system cannot find the file specified.
? system32\DRIVERS\wanarp.sys The system cannot find the file specified.
? system32\DRIVERS\hidusb.sys The system cannot find the file specified.
? system32\DRIVERS\HIDCLASS.SYS The system cannot find the file specified.
? system32\DRIVERS\HIDPARSE.SYS The system cannot find the file specified.
? system32\DRIVERS\netbios.sys The system cannot find the file specified.
? system32\DRIVERS\rdbss.sys The system cannot find the file specified.
? system32\DRIVERS\mrxsmb.sys The system cannot find the file specified.
? System32\Drivers\Fips.SYS The system cannot find the file specified.
? system32\DRIVERS\arp1394.sys The system cannot find the file specified.
? system32\DRIVERS\mouhid.sys The system cannot find the file specified.
? System32\Drivers\Cdfs.SYS The system cannot find the file specified.
? System32\win32k.sys The system cannot find the file specified.
? System32\drivers\Dxapi.sys The system cannot find the file specified.
? System32\drivers\dxg.sys The system cannot find the file specified.
? System32\nv4_disp.dll The system cannot find the file specified.
? System32\ATMFD.DLL The system cannot find the file specified.
? system32\DRIVERS\ndisuio.sys The system cannot find the file specified.
? system32\drivers\wdmaud.sys The system cannot find the file specified.
? system32\drivers\sysaudio.sys The system cannot find the file specified.
? system32\DRIVERS\mrxdav.sys The system cannot find the file specified.
? system32\drivers\amon.sys The system cannot find the file specified.
? system32\DRIVERS\CdaC15BA.sys The system cannot find the file specified.
? system32\DRIVERS\CdaD10BA.sys The system cannot find the file specified.
? System32\Drivers\HTTP.sys The system cannot find the file specified.
? system32\DRIVERS\srv.sys The system cannot find the file specified.
? system32\DRIVERS\secdrv.sys The system cannot find the file specified.
? system32\drivers\kmixer.sys The system cannot find the file specified.

---- Processes - GMER 1.0.12 ----

Process hidden process (*** hidden *** ) 16781312

---- EOF - GMER 1.0.12 ----

As for the Autostart tab, after clicking "Scan" nothing happens. I tried a few times, but nothing appears in the window.

I noticed that in GMER I have 34 processes (1 hidden), while in Task Manager I have only 33. It might matter. I uploaded a jpeg of both windows, so take a look.

Once again, I apologize for the delay.

Regarding "Gmer device: The system cannot find the file specified.": I suspect the cause is that you have a 64-bit version of Windows, but I'll check what exactly it's about. As far as I can see, it still scanned the system somehow.

Regarding the screenshot: it matters. That's what's being asked for.

We'll continue. Sorry that I can't check this sooner.

Update: 08 May 2007 23:43

Find, zip and send us the following file via this link:


Gladly, only I can't find it.

It isn't at the location C:\Windows\System32\Drivers\af2s1zji.SYS.

I tried, but neither Windows search nor Total Commander's search can see it.

At that location I have the following files:
pfc.sys and
hfile.txt, which is hidden.


GMER listed it, and it was the only one for which we had no reliable information about what it is. If you say it isn't there, then it's OK.
What else you listed is legitimate. Download this version and post the log, so I can check one more thing.

Though I didn't change the name, because I don't know whether that's needed:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:05:26, on 09.05.2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Eset\nod32kui.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Eset\nod32krn.exe
C:\Program Files (x86)\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files (x86)\ApexDC++\ApexDC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\FoxyTunes\ForInternetExplorer\FoxyTunesEngine.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files (x86)\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: ExtraTorrent Toolbar - {3DA353C2-FE7F-428C-B494-791DCDAF516E} - C:\PROGRA~2\EXTRAT~1\EXTRAT~1.DLL
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files (x86)\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files (x86)\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files (x86)\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Link mogu videti samo ulogovani korisnici]
O20 - AppInit_DLLs: C:\PROGRA~2\Agnitum\OUTPOS~1\wl_hook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files (x86)\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

End of file - 7158 bytes

This log is clean. Only the mystery of that hidden process remains.

If you want us to check that, download Process Explorer. Scan the computer with GMER again. When you finish that and GMER shows you the hidden process again, start Process Explorer and, using the PID number, try to find and identify it.

When you've done all that, you can make a screenshot or, better still, select that process, go to Save As, get a txt log file, and post it here.
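To make the cross-view idea behind that last step concrete, here is an added Python example (not from the thread, GMER or Process Explorer): it parses GMER's Processes section as posted above and compares two constructed process snapshots standing in for the Task Manager and GMER windows in the screenshot. All PIDs and image names except GMER's own line are invented, and the trailing number on GMER's line is taken to be the PID, as the thread does.

```python
import re

# Constructed input: the "Processes" section from the GMER log posted above.
GMER_SECTION = """\
---- Processes - GMER 1.0.12 ----

Process hidden process (*** hidden *** ) 16781312

---- EOF - GMER 1.0.12 ----
"""

# GMER prints hidden processes as "Process <image> (*** hidden *** ) <pid>".
GMER_HIDDEN_RE = re.compile(
    r"^Process\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+(?P<pid>\d+)\s*$")

def gmer_hidden_processes(text):
    """Return {pid: image} for every process GMER flags as hidden."""
    found = {}
    for line in text.splitlines():
        m = GMER_HIDDEN_RE.match(line.strip())
        if m:
            found[int(m["pid"])] = m["image"]
    return found

# Constructed snapshots (invented PIDs): the user-mode view a Task Manager
# listing gives, and the low-level view a tool that walks kernel structures
# gives. Real data would come from Process Explorer's "Save As" text file
# and a second enumeration taken at the same moment.
TASKMGR_VIEW = {4: "System", 1234: "nod32krn.exe", 1300: "outpost.exe",
                1420: "iexplore.exe"}
LOWLEVEL_VIEW = {4: "System", 1234: "nod32krn.exe", 1300: "outpost.exe",
                 1420: "iexplore.exe", 16781312: "hidden process"}

def cross_view_diff(visible, complete):
    """Compare two enumerations of the same machine.
    Returns (hidden, mismatched): PIDs absent from the visible view, and PIDs
    both views list but under different image names (a tampered listing)."""
    hidden = {pid: img for pid, img in complete.items() if pid not in visible}
    mismatched = {pid: (visible[pid], complete[pid]) for pid in visible
                  if pid in complete and visible[pid] != complete[pid]}
    return hidden, mismatched

def confirm_gmer_finding(gmer_text, visible, complete):
    """A GMER hidden-process entry is corroborated only when the same PID is
    also missing from the visible view in an independent comparison; a PID
    that every view agrees on is more likely a tool artifact than a rootkit."""
    gmer = gmer_hidden_processes(gmer_text)
    hidden, _ = cross_view_diff(visible, complete)
    return {pid: gmer[pid] for pid in gmer if pid in hidden}

if __name__ == "__main__":
    print("GMER reports:", gmer_hidden_processes(GMER_SECTION))
    print("corroborated:", confirm_gmer_finding(GMER_SECTION, TASKMGR_VIEW, LOWLEVEL_VIEW))
```

Because the hidden entry's PID (16781312) lies far outside the range a normal process list shows, the first thing to check in Process Explorer is whether any process has that PID at all; if none does, the entry is more likely an artifact of running the 32-bit GMER on 64-bit Windows than a hidden process.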

