Logfile of HijackThis v1.99.1
Scan saved at 11:42:58, on 9.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PMCS] C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138533860546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
Hi Timpe91. Before we start fixing the HJT log, read these instructions carefully and do as they ask. Thanks. ---> http://personal.inet.fi/atk/ensiapu/
So I'm doing this for the moment on behalf of my little brother. He may continue from here later on.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:29:27 9.3.2007

+ Scan result:

C:\Program Files\Sonera Tietoturva\FWES\program\fsdfwd.exe -> Adware.Gator : Cleaned with backup (quarantined).
[2992] C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\Customer Support.lnk -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Error during cleaning.
C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\WhenU.com Website.url -> Adware.SaveNow : Error during cleaning.
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ffext.mod -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WhenUSave\Partners\BSPL -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Mari\Local Settings\Temporary Internet Files\Content.IE5\IUJPD7HZ\popupjs[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\Mari\Application Data\Mozilla\Firefox\Profiles\gxs5kliy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
::Report end Scanning Report Friday, March 09, 2007 17:55:04 - 21:00:58 Computer name: SILJA-TIMO Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ -------------------------------------------------------------------------------- Result: 1 malware found WhenU.SaveNow (spyware) System (Disinfected) -------------------------------------------------------------------------------- Statistics Scanned: Files: 697938 System: 4790 Not scanned: 63 Actions: Disinfected: 1 Renamed: 0 Deleted: 0 None: 0 Submitted: 0 -------------------------------------------------------------------------------- Options Scanning engines: F-Secure Libra: 2.4.2, 2007-03-08 F-Secure AVP: 7.0.171, 2007-03-09 F-Secure Orion: 1.2.37, 2007-03-09 F-Secure Blacklight: 1.0.53, 0000-00-00 F-Secure Draco: 1.0.35, 0260-02-44 F-Secure Pegasus: 1.19.0, 2007-02-06 Scanning options: Scan all files Scan inside archives Use Advanced heuristics
Here is the AVG Anti-Spyware report:
--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 17:29:27 9.3.2007 + Scan result: C:\Program Files\Sonera Tietoturva\FWES\program\fsdfwd.exe -> Adware.Gator : Cleaned with backup (quarantined). [2992] C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe -> Adware.Gator : Cleaned with backup (quarantined). C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\Customer Support.lnk -> Adware.SaveNow : Error during cleaning. C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Error during cleaning. C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Error during cleaning. C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Error during cleaning. C:\Documents and Settings\Timo\Käynnistä-valikko\Ohjelmat\WhenU\WhenU.com Website.url -> Adware.SaveNow : Error during cleaning. C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\ffext.mod -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\WhenUSave\Partners\BSPL -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Mari\Local Settings\Temporary Internet Files\Content.IE5\IUJPD7HZ\popupjs[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined). ::Report end
And here is the F-Secure online scanner report:
Scanning Report Monday, March 12, 2007 19:04:47 - 22:17:19 Computer name: SILJA-TIMO Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ -------------------------------------------------------------------------------- Result: 2 malware found W32/Agent.AGHM (virus) C:\Program Files\Setup\Setup.exe (Submitted) W32/Malware (virus) C:\WINDOWS\system32\Macromed\update\New\Shockwave 10\PostUpdate.exe (Submitted) -------------------------------------------------------------------------------- Statistics Scanned: Files: 685117 System: 5020 Not scanned: 58 Actions: Disinfected: 0 Renamed: 0 Deleted: 0 None: 2 Submitted: 2
-------------------------------------------------------------------------------- Options Scanning engines: F-Secure Libra: 2.4.2, 2007-03-11 F-Secure AVP: 7.0.171, 2007-03-12 F-Secure Orion: 1.2.37, 2007-03-12 F-Secure Blacklight: 1.0.53, 0000-00-00 F-Secure Draco: 1.0.35, 0260-02-44 F-Secure Pegasus: 1.19.0, 2007-02-06 Scanning options: Scan all files Scan inside archives Use Advanced heuristics
And then an updated version of the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 22:24:21, on 12.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva\FSPC\fspc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\Scanneri.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PMCS] C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Setup] C:\Program Files\Setup\Setup.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138533860546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
Start AVG Anti-Spyware and click the Infections icon. The quarantine (Quarantine) opens. Find and select the file named fsdfwd.exe. Click the Restore button. This is not malware but an F-Secure component.

I recommend adding this file to the exceptions list, so that AVG Anti-Spyware does not react to it.
- Click the Exceptions icon.
- Click Add Rule.
- Select Ignore file/path.
- On the line, type C:\Program Files\Sonera Tietoturva\FWES\program\fsdfwd.exe
- Click OK.
- Click the Shield icon.
- Make sure that the "Resident shield is" field reads inactive.

============================================

Check the following files at VirusTotal: http://www.virustotal.com/en/indexf.html
C:\Program Files\Setup\Setup.exe
C:\Program Files\pacificpoker\pacificpoker.exe
Note: the files have to be submitted one at a time. Post the results here.

Click Start > Control Panel > Add or Remove Programs. Find and remove the following program (if present):
WhenUSave

Start HijackThis and click Do a system scan only. Select the following lines:
O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
Click Fix Checked.

============================================

Make hidden files visible
- Click the Start button and select Control Panel.
- Select "Folder Options".
- Go to the "View" tab.
- On the View tab, under Hidden files and folders, select "Show hidden files and folders."

Start the computer in Safe Mode
- Restart the computer.
- When you hear the computer beep, press F8 (but before the Windows logo appears).
- A menu should appear next.
- Select Safe Mode from the menu.
Log in with the administrator account.

============================================

Delete the following files/folders (if found):
C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll
C:\Program Files\Save

Search for the following file with the Windows Search function:
winbue32.dll
If it is found, delete it.

============================================

Post a new HijackThis log.
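The last step above asks for a new log so the fixes can be confirmed. The following Python sketch is an added example, not part of the original post or of HijackThis: it checks a follow-up log against the "Fix Checked" list, and goes slightly beyond the post by also handling logs that a forum has flattened and hard-wrapped. The function names and the PARTIAL sample are this example's own; the other sample lines are taken from this thread.

```python
import re

# An entry starts with a HijackThis section code: R0-R3, F0-F3, N1-N4 or O1-O23.
ENTRY_START = re.compile(r"(?:^|(?<=\s))(?:[RFN][0-4]|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Annotations HijackThis appends when the target is gone; they can change between scans.
ANNOTATION = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def split_entries(log_text):
    """Return the R/F/N/O entries of a log, whether it has one entry per line
    or was flattened and hard-wrapped. Header and process list are skipped."""
    text = " ".join(log_text.split())
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    return [text[a:b].strip() for a, b in zip(starts, starts[1:] + [len(text)])]


def entry_key(entry):
    """Identity of an entry across scans: section code plus the entry text,
    case-folded and without the '(file missing)' / '(no file)' annotation."""
    code, _, rest = entry.partition(" - ")
    return (code, ANNOTATION.sub("", rest).casefold())


def verify_fix(fix_list, followup_log):
    """Return (unfixed, related): fix-list entries still present in the
    follow-up log, and follow-up entries in any section that reference a
    CLSID named in the fix list (the two lists can overlap)."""
    targets = split_entries(fix_list)
    after = split_entries(followup_log)
    after_keys = {entry_key(e) for e in after}
    unfixed = [e for e in targets if entry_key(e) in after_keys]
    target_ids = {g.upper() for e in targets for g in CLSID.findall(e)}
    related = [e for e in after
               if any(g.upper() in target_ids for g in CLSID.findall(e))]
    return unfixed, related


# The five lines the helper asked to fix (from the post above).
FIX_LIST = r"""
O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\Downloaded Program Files\sponsoradulto.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
"""

# Short excerpt of the 14.3.2007 log from this thread, flattened and
# hard-wrapped mid-entry the way a forum paste ends up.
FOLLOWUP = r"""Logfile of HijackThis v1.99.1 Scan saved at 18:03:49, on 14.3.2007 Running processes: C:\WINDOWS\Explorer.EXE O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O16 - DPF:
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed follow-up in which two of the five fixes did not take
# (different letter case, annotation dropped) to show the normalisation.
PARTIAL = FOLLOWUP + r"""O16 - DPF: {511f9316-771b-4953-a268-1c36da667fe9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
O20 - Winlogon Notify: winbue32 - winbue32.dll
"""

if __name__ == "__main__":
    for name, log in (("follow-up", FOLLOWUP), ("partial", PARTIAL)):
        unfixed, related = verify_fix(FIX_LIST, log)
        print(name, "- still present:", len(unfixed), "- same CLSID elsewhere:", len(related))
        for entry in unfixed:
            print("   ", entry)
```
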
Here is the VirusTotal result for pacificpoker.exe, and then I couldn't find that Setup.exe.

Complete scanning result of "pacificpoker.exe", received in VirusTotal at 03.14.2007, 16:32:48 (CET).

Antivirus      Version       Update      Result
AhnLab-V3      2007.3.15.0   03.14.2007  no virus found
AntiVir        7.3.1.43      03.14.2007  no virus found
Authentium     4.93.8        03.13.2007  no virus found
Avast          4.7.936.0     03.14.2007  no virus found
AVG            7.5.0.447     03.13.2007  no virus found
BitDefender    7.2           03.14.2007  no virus found
CAT-QuickHeal  9.00          03.14.2007  no virus found
ClamAV         0.90.1        03.14.2007  no virus found
DrWeb          4.33          03.14.2007  no virus found
eSafe          7.0.14.0      03.14.2007  no virus found
eTrust-Vet     30.6.3477     03.14.2007  no virus found
Ewido          4.0           03.14.2007  no virus found
FileAdvisor    1             03.14.2007  no virus found
Fortinet       2.85.0.0      03.14.2007  no virus found
F-Prot         4.3.1.45      03.13.2007  no virus found
F-Secure       6.70.13030.0  03.14.2007  no virus found
Ikarus         T3.1.1.3      03.14.2007  no virus found
Kaspersky      4.0.2.24      03.14.2007  no virus found
McAfee         4983          03.13.2007  no virus found
Microsoft      1.2306        03.14.2007  no virus found
NOD32v2        2114          03.14.2007  no virus found
Norman         5.80.02       03.14.2007  no virus found
Panda          9.0.0.4       03.13.2007  no virus found
Prevx1         V2            03.14.2007  no virus found
Sophos         4.15.0        03.13.2007  no virus found
Sunbelt        2.2.907.0     03.10.2007  no virus found
Symantec       10            03.14.2007  no virus found
TheHacker      6.1.6.075     03.14.2007  no virus found
UNA            1.83          03.13.2007  no virus found
VBA32          3.11.2        03.14.2007  no virus found
VirusBuster    4.3.7:9       03.14.2007  no virus found

Aditional Information
File size: 151552 bytes
MD5: d9a10f8f284d438cede3211e2fdc59d2
SHA1: d5418dfb9c1324617491c1f0d3d7b57ce8e74a09
And here is the latest HjT log:

Logfile of HijackThis v1.99.1
Scan saved at 18:03:49, on 14.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
C:\Program Files\Sonera Tietoturva\FSPC\fspc.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\hjt\Scanneri.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PMCS] C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Setup] C:\Program Files\Setup\Setup.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138533860546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: Pinnacle Systems tvtv Spooler (EpgSpooler) - - c:\progra~1\pinnacle\mediac~1\epgspo~2.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe