HJT log

Kuinkahan paljon peikkoja löytyy tämän koneen sisuksista?

Logfile of HijackThis v1.99.1
Scan saved at 19:15:51, on 25.4.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Nvc\BIN\npfmsg2.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Teemu\Työpöytä\Ladatut\Ohjelmat\Freeram\FreeRAM XP Pro 1.40.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\ABC\abc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ARCHPR\archpr.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mtv3.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {82618EF6-5A94-438D-9A86-7ABC199C33B3} - (no file)
O3 - Toolbar: SuperBar - {200B514E-3607-4CB5-98AF-B2C537DA92C8} - C:\Program Files\_SUPERBAR\_SUPERBAR.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe"
O4 - HKLM\..\Run: [SSPrnAgent] C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
O4 - HKLM\..\Run: [OP14 Reminder] "C:\Program Files\ScanSoft\OmniPagePro14.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPagePro14.0\EregEng\ereg.ini"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Teemu\Työpöytä\Ladatut\Ohjelmat\Freeram\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mtv3.fi/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093196471304
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.240.224.222/activex/AxisCamControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Etukäteen kiittäen

 

Eipä tuolla sen ihmeempiä näy kuin tuo Password Cracker joka lienee itsesi asentama
C:\Program Files\ARCHPR\archpr.exe

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=154

 

Kiittää ja kumartaa syvään...

 

[bold]Toymaatille[/bold]pitäisi luovuttaa aD:n "kunniajäsen" -titteli ja tehdä oma keskustelupalsta hjt-asioille, on se niin paljon meitä auttanut

 

Kannatan ajatusta...

 

Sama taalla...

 

kannatetaan...

 

KANNATETAAN

 

Kaikki kannattaa!