1. tonikokko

    tonikokko Regular member

    Joined:
    Dec 9, 2008
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    26
    F-Secure found 3 but couldn't remove them. How can I remove them?

    First the F-Secure log and then the HJT log.

    Tarkistusraportti
    2009-02-10 07:31 - 09:28

    Tietokoneen nimi: HP-PC
    Tarkistustyyppi: Suorita tietokoneen täysi tarkistus
    Kohde: C:\ F:\ + järjestelmä
    Tulos: 3 haittaohjelmaa löytyi
    P2P-Worm.Win32.Bacteraloh.bb (virus)

    * C:\Users\All Users\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe\\Setup.exe
    * C:\SwSetup\WLAN\is.exe
    * C:\ProgramData\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe\\Setup.exe

    Tilastot
    Tarkistettu:

    * Tiedostot: 94402
    * Tarkistamatta: 36

    Tulos:

    * Virukset: 3
    * Vakoiluohjelmat: 0
    * Epäilyttävät kohteet: 0
    * Riskiohjelma: 0

    Toiminnot:

    * Puhdistettu: 0
    * Nimetty uudelleen: 0
    * Poistettu: 0
    * Eristetty: 0
    * Epäonnistui: 0

    Käynnistyssektorit:

    * Tarkistettu: 4
    * Saanut tartunnan: 0
    * Epäilyttävät kohteet: 0
    * Puhdistettu: 0

    Tiedostot, tarkistamattomat:

    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\HIBERFIL.SYS
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\PAGEFILE.SYS
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\SYSPREP\PANTHER\DIAGERR.XML
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\SYSPREP\PANTHER\DIAGWRN.XML
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\PANTHER\DIAGERR.XML
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\PANTHER\DIAGWRN.XML
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\PANTHER\UNATTENDGC\DIAGERR.XML
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\PANTHER\UNATTENDGC\DIAGWRN.XML
    * Pakatussa tiedostossa C:\USERS\TONI KOKKO\DOCUMENTS\MY GAMES\HALO TRIAL\SAVEGAMES\NEW001\SAVEGAME.BIN olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa image/decormenu.raw olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.sav olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st1 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st2 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st3 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st4 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st5 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st6 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st7 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st8 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.st9 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa Munamario.sta olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa POKERED.GB6 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa POKERED.GB7 olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa C:\USERS\TONI KOKKO\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\62YOW05V.DEFAULT\CACHE\_CACHE_001_ olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa C:\USERS\TONI KOKKO\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\62YOW05V.DEFAULT\CACHE\_CACHE_002_ olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa C:\USERS\TONI KOKKO\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\62YOW05V.DEFAULT\CACHE\_CACHE_003_ olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa C:\USERS\JÄRJESTELMÄNVALVOJA2\DOCUMENTS\MY GAMES\HALO TRIAL\SAVEGAME.BIN olevan tiedoston avaaminen ei onnistu.
    * Pakatussa tiedostossa C:\USERS\JÄRJESTELMÄNVALVOJA2\DOCUMENTS\MY GAMES\HALO TRIAL\SAVEGAMES\TONIX\SAVEGAME.BIN olevan tiedoston avaaminen ei onnistu.
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9CBF8F731A449C9185A1181C82CA673_47016949-2056-4F55-BED7-273AE112293E
    * Pakatussa tiedostossa C:\SWSETUP\ROXIOCB9\EMC_HPCPC_905\DATA11.CAB olevan tiedoston avaaminen ei onnistu.
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9CBF8F731A449C9185A1181C82CA673_47016949-2056-4F55-BED7-273AE112293E
    * Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\BOOT\BCD
    * Kohteen F:\bf1942_mp_demo.exe tarkistus on keskeytetty. [F-Secure AVP]

    Asetukset
    Tunnisteiden versio:

    * Virukset: 2009-02-10_06
    * Vakoiluohjelmat: 2009-02-10_02

    Tarkistusohjelmat:

    * F-Secure AVP: 7.00.171, 2009-02-09
    * F-Secure Hydra: 3.06.8511, 2009-02-10

    Tarkistusasetukset:

    * Tarkista määritetyt tiedostot: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ JOB ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    * Tarkista pakatut tiedostot

    Toiminnot:

    * Virukset: Valitaan tarkistuksen jälkeen
    * Vakoiluohjelmat: Valitaan tarkistuksen jälkeen

    Lisätietoja virheestä
    "Tiedoston avaaminen ei onnistu" -virhe:
    "Tiedoston avaaminen ei onnistu" -virheilmoitus tarkoittaa, että tarkistusohjelma ei voinut avata tiedostoa ja tiedostoa ei tarkistettu. Voit yleensä jättää tämän virheilmoituksen huomiotta, koska tälle ilmoitukselle on useita syitä, jotka eivät liity tietoturvauhkiin. Näitä ovat esimerkiksi seuraavat syyt:

    * Tiedosto oli järjestelmätiedosto. Käyttöjärjestelmä suojaa järjestelmätiedostot oletusarvoisesti. Voit tässä tapauksessa jättää ilmoituksen huomiotta.
    * Sinulla ei ole valtuuksia tiedoston lukemiseen. Kirjaudu sisään käyttäjätunnuksella, jolla on riittävät valtuudet (esim. järjestelmänvalvojan käyttäjätunnuksella) ja suorita tarkistus uudelleen.
    * Tiedosto oli jonkin sovelluksen käytössä tarkistusta suoritettaessa. Jos haluat tarkistaa tämän tiedoston, sulje kaikki sovellukset ja suorita tarkistus uudelleen.





    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:02, on 10.2.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\EHTray.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files\BUFFALO\clientmgrv\bin\BWH32S.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5419 bytes
     
  2. Hujo

    Hujo Guest

    Download Malwarebytes' Anti-Malware to your desktop.

    1. Double-click mbam-setup.exe and follow the instructions to install the program.
    2. At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
    3. If an update is found, the program downloads and installs the latest version.
    4. Once the program has loaded, select Perform full scan and click Scan.
    5. When the scan is finished, click OK and then Show Results to see the results.
    6. Make sure everything is checked and click Remove Selected.
    7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    8. Post the contents of the log in your next message.
     
  3. tonikokko

    tonikokko Regular member

    What next?

    Malwarebytes' Anti-Malware 1.33
    Tietokantaversio: 1742
    Windows 6.0.6001 Service Pack 1

    10.2.2009 15:59:09
    mbam-log-2009-02-10 (15-59-09).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|)
    Tarkistetut kohteet: 221295
    Kulunut aika: 2 hour(s), 33 minute(s), 8 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)
     
  4. Hujo

    Hujo Guest

    1. Download Combofix.exe to your desktop from one of the links:
    Combofix1
    Combofix2

    Do not install the Recovery Console.
    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
     
  5. tonikokko

    tonikokko Regular member

    ComboFix 09-02-08.02 - Järjestelmänvalvoja2 10.02.2009 17:02:58.4 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1982.982 [GMT 2:00]
    Sijainti: c:\users\Toni Kokko\Desktop\ComboFix.exe
    FW: COMODO Firewall Pro *enabled*
    * Uusi palautuspiste luotu
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\pthreadGC2.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-10 to 2009-02-10 )))))))))))))))))
    .

    2009-02-07 14:16 . 07.02.2009 14:16 <KANSIO> d-------- C:\.jagex_cache_32
    2009-02-05 22:50 . 05.02.2009 22:50 42,320 --a------ c:\windows\System32\xfcodec.dll
    2009-02-05 20:24 . 05.02.2009 20:24 <KANSIO> d-------- c:\users\Järjestelmänvalvoja2\AppData\Roaming\Xfire
    2009-02-05 20:24 . 10.02.2009 06:48 <KANSIO> d-------- c:\users\All Users\Xfire
    2009-02-05 20:24 . 10.02.2009 06:48 <KANSIO> d-------- c:\programdata\Xfire
    2009-02-05 20:24 . 10.02.2009 06:48 <KANSIO> d-------- c:\program files\Xfire
    2009-02-05 15:34 . 05.02.2009 15:36 737,280 --a------ c:\windows\iun6002.exe
    2009-02-05 14:27 . 05.02.2009 14:27 21,840 --a----t- c:\windows\System32\SIntfNT.dll
    2009-02-05 14:27 . 05.02.2009 14:27 17,212 --a----t- c:\windows\System32\SIntf32.dll
    2009-02-05 14:27 . 05.02.2009 14:27 12,067 --a----t- c:\windows\System32\SIntf16.dll
    2009-02-05 14:21 . 05.02.2009 14:21 94,208 --a------ c:\windows\DIIUnin.exe
    2009-02-05 14:21 . 05.02.2009 14:21 16,994 --a------ c:\windows\DIIUnin.dat
    2009-02-05 14:21 . 05.02.2009 14:21 2,829 --a------ c:\windows\DIIUnin.pif
    2009-02-05 14:10 . 06.02.2009 08:49 <KANSIO> d-------- c:\program files\Diablo II
    2009-02-02 01:22 . 02.02.2009 01:28 <KANSIO> d-------- C:\My Downloads
    2009-01-29 17:40 . 29.01.2009 17:40 <KANSIO> d-------- c:\windows\BDOSCAN8
    2009-01-29 12:05 . 29.01.2009 12:05 <KANSIO> d-------- c:\program files\SpeedFan
    2009-01-29 12:05 . 29.01.2009 12:05 45 --a------ c:\windows\System32\initdebug.nfo
    2009-01-24 19:26 . 24.01.2009 19:26 <KANSIO> d-------- c:\program files\Lavalys
    2009-01-23 22:28 . 23.01.2009 22:28 <KANSIO> d-------- c:\program files\Microsoft
    2009-01-23 17:56 . 23.01.2009 17:56 <KANSIO> d-------- c:\users\All Users\InstallShield
    2009-01-23 17:56 . 23.01.2009 17:56 <KANSIO> d-------- c:\programdata\InstallShield
    2009-01-23 17:54 . 23.01.2009 17:56 <KANSIO> d-------- c:\program files\Common Files\Jasc Software Inc
    2009-01-23 17:53 . 23.01.2009 17:53 <KANSIO> d-------- c:\users\Toni Kokko\AppData\Roaming\Jasc Software Inc
    2009-01-23 17:53 . 23.01.2009 17:53 <KANSIO> d-------- c:\program files\Jasc Software Inc
    2009-01-22 05:08 . 22.01.2009 15:25 <KANSIO> d-------- c:\users\Toni Kokko\AppData\Roaming\SUPERAntiSpyware.com
    2009-01-22 05:08 . 22.01.2009 05:08 <KANSIO> d-------- c:\users\All Users\SUPERAntiSpyware.com
    2009-01-22 05:08 . 22.01.2009 05:08 <KANSIO> d-------- c:\programdata\SUPERAntiSpyware.com
    2009-01-22 05:07 . 22.01.2009 05:07 <KANSIO> d-------- c:\users\Järjestelmänvalvoja2\AppData\Roaming\SUPERAntiSpyware.com
    2009-01-22 05:07 . 22.01.2009 15:25 <KANSIO> d-------- c:\program files\SUPERAntiSpyware
    2009-01-22 04:58 . 22.01.2009 05:01 <KANSIO> d-------- c:\users\Toni Kokko\.housecall6.6
    2009-01-21 22:08 . 23.09.2005 17:02 887,296 --a------ c:\windows\System32\KsDHTMLEDLib.ocx
    2009-01-21 21:24 . 21.01.2009 21:24 <KANSIO> d-------- c:\program files\Alwil Software
    2009-01-20 21:31 . 20.01.2009 21:31 <KANSIO> d-------- c:\program files\ffdshow
    2009-01-20 21:31 . 08.12.2008 12:53 57,344 --a------ c:\windows\System32\ff_vfw.dll
    2009-01-20 21:31 . 08.12.2008 12:53 50,688 --a------ c:\windows\System32\ff_acm.acm
    2009-01-17 22:40 . 17.01.2009 22:43 <KANSIO> d-------- c:\program files\SpywareBlaster
    2009-01-17 10:27 . 17.01.2009 10:27 <KANSIO> d-------- c:\users\Järjestelmänvalvoja2\AppData\Roaming\DAEMON Tools Pro
    2009-01-17 10:27 . 17.01.2009 10:27 <KANSIO> d-------- c:\users\Järjestelmänvalvoja2\AppData\Roaming\DAEMON Tools
    2009-01-17 10:26 . 17.01.2009 10:26 <KANSIO> d-------- c:\users\All Users\DAEMON Tools Lite
    2009-01-17 10:26 . 17.01.2009 10:26 <KANSIO> d-------- c:\programdata\DAEMON Tools Lite
    2009-01-17 10:25 . 17.01.2009 10:28 <KANSIO> d-------- c:\users\Järjestelmänvalvoja2\AppData\Roaming\DAEMON Tools Lite
    2009-01-14 22:46 . 28.09.2006 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
    2009-01-14 22:45 . 14.01.2009 22:45 <KANSIO> d-------- c:\program files\OpenAL
    2009-01-14 22:45 . 14.01.2009 22:45 413,696 --a------ c:\windows\System32\wrap_oal.dll
    2009-01-14 22:45 . 14.01.2009 22:45 86,016 --a------ c:\windows\System32\OpenAL32.dll
    2009-01-14 12:52 . 16.12.2008 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-14 06:39 . 02.02.2009 01:18 <KANSIO> d-------- c:\program files\RevConnect
    2009-01-13 21:05 . 24.01.2009 13:40 <KANSIO> d-------- c:\program files\Paint.NET
    2009-01-13 18:09 . 13.01.2009 18:09 <KANSIO> d-------- c:\program files\X-Chat 2
    2009-01-12 21:35 . 22.01.2009 21:10 33,408 --a------ c:\windows\System32\drivers\fsbts.sys
    2009-01-12 18:20 . 12.01.2009 18:20 <KANSIO> d-------- c:\users\Järjestelmänvalvoja2\AppData\Roaming\F-Secure
    2009-01-12 18:08 . 25.01.2009 17:20 <KANSIO> d-------- c:\users\Toni Kokko\AppData\Roaming\F-Secure
    2009-01-12 18:02 . 14.10.2008 15:01 70,944 --a------ c:\windows\System32\drivers\fsdfw.sys
    2009-01-12 18:02 . 14.10.2008 15:01 35,552 --a------ c:\windows\System32\drivers\fses.sys
    2009-01-12 18:00 . 10.02.2009 16:55 <KANSIO> d-------- c:\program files\F-Secure Internet Security
    2009-01-12 17:55 . 09.02.2009 15:27 <KANSIO> d-------- c:\users\All Users\fssg
    2009-01-12 17:55 . 09.02.2009 15:27 <KANSIO> d-------- c:\programdata\fssg
    2009-01-12 17:54 . 12.01.2009 18:01 <KANSIO> d-------- c:\users\All Users\f-secure
    2009-01-12 17:54 . 12.01.2009 18:01 <KANSIO> d-------- c:\programdata\f-secure

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-10 15:07 1,572,864 --sha-w c:\users\Järjestelmänvalvoja2\NTUSER.DAT
    2009-02-10 15:07 1,572,864 --sha-w c:\users\Järjestelmänvalvoja2\NTUSER.DAT
    2009-02-10 14:53 28,314 ----a-w c:\users\All Users\nvModes.dat
    2009-02-10 14:53 28,314 ----a-w c:\programdata\nvModes.dat
    2009-02-10 14:52 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\Xfire
    2009-02-10 04:52 --------- d-----w c:\program files\Steam
    2009-02-09 20:32 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\uTorrent
    2009-02-09 14:33 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\X-Chat 2
    2009-02-08 22:02 34 ----a-w c:\users\Toni Kokko\jagex_runescape_preferences.dat
    2009-02-07 14:00 --------- d-----w c:\program files\Microsoft Games
    2009-02-05 18:24 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\Xfire
    2009-02-05 13:36 --------- d-----w c:\program files\EA GAMES
    2009-02-05 13:32 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-29 18:14 --------- d-----w c:\program files\Microsoft SQL Server
    2009-01-24 10:44 --------- d-----w c:\program files\Lavasoft
    2009-01-24 10:43 --------- d-----w c:\programdata\Lavasoft
    2009-01-23 15:54 --------- d-----w c:\program files\Common Files\InstallShield
    2009-01-22 14:56 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-22 03:07 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\SUPERAntiSpyware.com
    2009-01-17 08:42 52,736 ----a-w c:\windows\ipuninst.exe
    2009-01-17 08:28 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\DAEMON Tools Lite
    2009-01-17 08:27 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\DAEMON Tools Pro
    2009-01-17 08:27 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\DAEMON Tools
    2009-01-15 18:08 --------- d-----w c:\program files\SystemRequirementsLab
    2009-01-15 10:36 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-14 20:12 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\Skype
    2009-01-14 17:32 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\U3
    2009-01-14 14:39 --------- d-----w c:\program files\Windows Mail
    2009-01-14 14:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 14:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-12 16:20 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\F-Secure
    2009-01-12 16:05 --------- d-----w c:\program files\Norman
    2009-01-10 21:52 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\mIRC
    2009-01-10 19:59 --------- d-----w c:\program files\xchat
    2009-01-10 19:58 --------- d-----w c:\program files\Image-Line
    2009-01-09 14:51 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\X-Chat 2
    2009-01-08 22:05 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\Winamp
    2009-01-05 13:06 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\Ashampoo
    2009-01-05 13:06 --------- d-----w c:\programdata\ashampoo
    2009-01-05 12:51 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\Roxio
    2009-01-04 11:22 --------- d-s---w c:\users\Järjestelmänvalvoja2\AppData\Roaming\Microsoft
    2009-01-01 22:13 --------- d-----w c:\program files\CCleaner
    2008-12-30 10:36 --------- d-----w c:\programdata\NVIDIA
    2008-12-28 15:32 --------- d-----w c:\programdata\Roxio
    2008-12-25 07:37 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\WinRAR
    2008-12-22 14:30 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\CyberLink
    2008-12-22 14:29 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\HP
    2008-12-22 13:30 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\Malwarebytes
    2008-12-22 11:19 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\Macromedia
    2008-12-22 11:19 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\Adobe
    2008-12-22 11:18 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\Mozilla
    2008-12-22 11:17 --------- d-----w c:\users\Järjestelmänvalvoja2\AppData\Roaming\Identities
    2008-12-21 17:52 28,314 ----a-w c:\users\Toni Kokko\AppData\Roaming\nvModes.dat
    2008-12-14 18:48 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-12-14 18:48 --------- d-----w c:\program files\Java
    2008-12-11 13:00 249,592 ----a-w c:\windows\System32\cssdll32.dll
    2008-12-10 21:23 --------- d-----w c:\users\Toni Kokko\AppData\Roaming\ImgBurn
    2008-11-24 20:31 2,248,544 ----a-w c:\windows\System32\sqlncli.dll
    2008-05-24 06:35 174 --sha-w c:\program files\desktop.ini
    2007-11-12 15:12 856 ----a-w c:\users\Toni Kokko\AppData\Roaming\wklnhst.dat
    2005-07-05 14:47 777 ----a-w c:\program files\trial_setup.ini
    2005-07-05 14:47 5,133,312 ----a-w c:\program files\trial_setup.msi
    2005-07-05 14:47 40,448 ----a-w c:\program files\trial_setup.exe
    2007-10-28 17:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-10-28 17:48 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-10-28 17:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-08-30 15:12 16 --sha-w c:\windows\SMINST\HPCD.sys
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [28.03.2008 01:05 1045800]
    "F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [14.10.2008 15:03 182936]
    "F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [14.10.2008 15:03 957024]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ClientManagerV.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ClientManagerV.lnk
    backup=c:\windows\pss\ClientManagerV.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
    backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 15.10.2008 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 19.01.2007 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    --a------ 18.01.2008 22:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{0E60E5F2-C916-49E0-95D4-2E627F9B6584}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
    "UDP Query User{4C2E6A0D-F273-4BDA-83C8-F765026B7793}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
    "{D544B387-58C0-408C-A260-FD2D4E311490}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
    "{8EA83D06-8F05-4EF9-80CA-755B77E5AFF8}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
    "{AFD50BC0-ADB8-48FD-89BA-EB04869FB04A}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
    "{BE23AB97-F9AB-4DE6-A39D-6E559FC93900}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
    "{D66B4CF5-C554-4AEB-A86E-AD7DB85A46A8}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
    "{CE2B4A9D-8D3E-493A-85E2-75A59E58922D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
    "{9963DB7F-22C2-473D-9917-DC1D1E408B72}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
    "{244AD98B-9023-47F0-AD1E-29BC7685E96A}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
    "TCP Query User{F489A6A9-FE85-4FA6-85CF-E59E6DAF3156}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{7D9956B7-71D1-4FC4-9CE6-832F85DAB2F3}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{C1771924-088B-4479-9E4F-08E43FFECB97}c:\\program files\\msn messenger\\livecall.exe"= UDP:c:\program files\msn messenger\livecall.exe:Windows Live Call
    "UDP Query User{F792272E-B764-4CFD-B2F1-C8B157A42A87}c:\\program files\\msn messenger\\livecall.exe"= TCP:c:\program files\msn messenger\livecall.exe:Windows Live Call
    "TCP Query User{FF66BB09-91AA-4DE6-AF98-A53FD47C99A4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{331EAEE3-D7AB-4DFB-B4A2-144FCF3159A8}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{9A954996-511F-4135-8468-ECB0BCE6021C}c:\\users\\toni kokko\\desktop\\nes\\nestc042\\nestcl95.exe"= UDP:c:\users\toni kokko\desktop\nes\nestc042\nestcl95.exe:nestcl95.exe
    "UDP Query User{F76BA4B4-2BB9-409B-AE4E-4EB7BB4117F2}c:\\users\\toni kokko\\desktop\\nes\\nestc042\\nestcl95.exe"= TCP:c:\users\toni kokko\desktop\nes\nestc042\nestcl95.exe:nestcl95.exe
    "TCP Query User{CCCA7D9E-957F-41C2-9E95-BF5A9D165A8B}c:\\users\\toni kokko\\desktop\\utorrent.exe"= UDP:c:\users\toni kokko\desktop\utorrent.exe:utorrent.exe
    "UDP Query User{A5D6125A-F900-48E3-B961-6D3FEC8C95E5}c:\\users\\toni kokko\\desktop\\utorrent.exe"= TCP:c:\users\toni kokko\desktop\utorrent.exe:utorrent.exe
    "TCP Query User{74C37976-832D-4749-804A-AD0500E05A5A}c:\\neverwinternights\\nwn\\nwmain.exe"= UDP:c:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
    "UDP Query User{800E3D01-47D1-4313-BFD1-B33D07152FC3}c:\\neverwinternights\\nwn\\nwmain.exe"= TCP:c:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
    "TCP Query User{E34D9D43-0DBD-438C-9399-F8EFF49FE563}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{5801BA1E-24E1-4DAA-B511-AFB0979D09E9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{4DEA1078-B4EF-46F8-8AE7-B438930E46EF}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{FDBCB264-4CDB-4991-AD93-DE1FADBEE8BF}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{450ACF7E-B1DD-4791-8D62-03446A1DCE2A}c:\\program files\\byond\\bin\\byond.exe"= UDP:c:\program files\byond\bin\byond.exe:byond
    "UDP Query User{D1B4E27F-BC0E-4084-A91F-84E9117CC3A0}c:\\program files\\byond\\bin\\byond.exe"= TCP:c:\program files\byond\bin\byond.exe:byond
    "TCP Query User{30F015A4-F3E8-4A45-BAA0-C14ACA1208CB}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{DB869AB6-C57A-45A4-9C81-A6635D2B3780}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{6D1C176D-F5CB-4456-9837-7333E5D352A9}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    "UDP Query User{0F745B67-F537-4EAD-B14E-6597D2C8D17E}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
    "TCP Query User{D677DB5E-40A0-43E1-8D41-7D2419599383}c:\\program files\\ea games\\medal of honor pacific assault(tm) mpdemo2\\mohpa_mpdemo.exe"= UDP:c:\program files\ea games\medal of honor pacific assault(tm) mpdemo2\mohpa_mpdemo.exe:Medal of Honor Pacific Assault(tm)
    "UDP Query User{458AC2B1-2FAC-4B4B-84F5-583EB41A645D}c:\\program files\\ea games\\medal of honor pacific assault(tm) mpdemo2\\mohpa_mpdemo.exe"= TCP:c:\program files\ea games\medal of honor pacific assault(tm) mpdemo2\mohpa_mpdemo.exe:Medal of Honor Pacific Assault(tm)
    "TCP Query User{5EFC87C6-F824-46C0-B522-289B9521117F}c:\\program files\\ea games\\medal of honor pacific assault(tm) mpdemo2\\mohpa_mpdemo_server.exe"= UDP:c:\program files\ea games\medal of honor pacific assault(tm) mpdemo2\mohpa_mpdemo_server.exe:Medal of Honor Pacific Assault(tm)
    "UDP Query User{5170532E-4D95-4AC3-8CB3-43BDD42DF486}c:\\program files\\ea games\\medal of honor pacific assault(tm) mpdemo2\\mohpa_mpdemo_server.exe"= TCP:c:\program files\ea games\medal of honor pacific assault(tm) mpdemo2\mohpa_mpdemo_server.exe:Medal of Honor Pacific Assault(tm)
    "TCP Query User{C3BEF026-E9E6-49AF-8692-82BA32F08404}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{5D2F2AEB-CEDA-4639-A9D0-F0C577D93D08}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
    "TCP Query User{13F890DE-490E-4B0B-A087-A1602366A068}c:\\program files\\wolfenstein - enemy territory\\etded.exe"= UDP:c:\program files\wolfenstein - enemy territory\etded.exe:ETDED
    "UDP Query User{B91B82C8-9DF3-4DD9-944C-FE795C320114}c:\\program files\\wolfenstein - enemy territory\\etded.exe"= TCP:c:\program files\wolfenstein - enemy territory\etded.exe:ETDED
    "{28350A57-E35F-4F9C-B726-7B3C68A588E3}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-enGB-downloader.exe:Blizzard Downloader
    "{76E61FE2-B81C-4A09-983A-D667AD863C44}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.0.7561-to-2.3.2.7741-enGB-downloader.exe:Blizzard Downloader
    "TCP Query User{6F5B6C21-B17E-4BA6-BACF-63340EF3162E}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
    "UDP Query User{47B278DD-D9A1-41DF-BA07-E2CA5916589E}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
    "TCP Query User{84C8EEEE-5646-45A6-9B3E-7BB1B421C0B7}c:\\users\\toni kokko\\desktop\\installer-22999-864-counter-strike.exe"= UDP:c:\users\toni kokko\desktop\installer-22999-864-counter-strike.exe:installer-22999-864-counter-strike.exe
    "UDP Query User{96AF4C29-27B9-470A-898F-C74BDE0FA4B5}c:\\users\\toni kokko\\desktop\\installer-22999-864-counter-strike.exe"= TCP:c:\users\toni kokko\desktop\installer-22999-864-counter-strike.exe:installer-22999-864-counter-strike.exe
    "TCP Query User{619080D8-8BD2-43BE-9D6D-20EF595F124B}c:\\program files\\jazz jackrabbit 2\\jazz2.exe"= UDP:c:\program files\jazz jackrabbit 2\jazz2.exe:Jazz Jackrabbit 2
    "UDP Query User{E21B1754-AC24-4590-A3EC-7AD436050300}c:\\program files\\jazz jackrabbit 2\\jazz2.exe"= TCP:c:\program files\jazz jackrabbit 2\jazz2.exe:Jazz Jackrabbit 2
    "{C430DAF0-70C6-4A09-9149-FE39258CC3E7}"= UDP:94:VRS Recording System Web Control Panel
    "{5E1865ED-1E02-40B5-BD48-464808564702}"= TCP:8000:Axon Virtual PBX RTP Incoming Audio (UDP)
    "{48B844C8-8091-454D-A500-3829598B8619}"= TCP:8001:Axon Virtual PBX RTP Incoming Audio (UDP)
    "{D5122966-424E-4973-B4E8-621466F124FA}"= TCP:8002:Axon Virtual PBX RTP Incoming Audio (UDP)
    "{14CA1EB7-06AF-4992-8F33-CA8A2A6907A1}"= TCP:8003:Axon Virtual PBX RTP Incoming Audio (UDP)
    "{07144F0D-652E-4938-A4A6-7AB816714FFA}"= TCP:8004:Axon Virtual PBX RTP Incoming Audio (UDP)
    "{10771593-3459-4E97-946D-393D93FCBD84}"= UDP:81:Axon Virtual PBX Web Server
    "TCP Query User{DC46209A-4D4D-424A-8B56-2D92080081FA}c:\\program files\\condition zero\\hlds.exe"= UDP:c:\program files\condition zero\hlds.exe:HLDS Launcher
    "UDP Query User{34072C27-AA45-49B3-938D-BE4BC547EAA6}c:\\program files\\condition zero\\hlds.exe"= TCP:c:\program files\condition zero\hlds.exe:HLDS Launcher
    "TCP Query User{3C767F74-CB7D-4D9F-8EE2-50E472BA6FA5}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
    "UDP Query User{DC78D1AA-837C-46A6-96FD-5D6B2A1BBECA}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
    "TCP Query User{AA2D2F5E-039A-4DD4-885B-C2D14B1A31A2}c:\\program files\\condition zero\\hlds.exe"= UDP:c:\program files\condition zero\hlds.exe:HLDS Launcher
    "UDP Query User{0DBC3F9B-298F-4C44-8502-7B0DAA696F75}c:\\program files\\condition zero\\hlds.exe"= TCP:c:\program files\condition zero\hlds.exe:HLDS Launcher
    "TCP Query User{D7AD1479-5F64-4930-83C8-2927AB9E0F13}c:\\program files\\steam\\steamapps\\tonikokko\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\tonikokko\dedicated server\hlds.exe:HLDS Launcher
    "UDP Query User{F3C82F4E-374B-44B6-97CB-56D0293C4BA9}c:\\program files\\steam\\steamapps\\tonikokko\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\tonikokko\dedicated server\hlds.exe:HLDS Launcher
    "TCP Query User{1EC6E41B-CDBA-49BF-B50B-42CDDB39E83D}c:\\program files\\css\\hl2.exe"= UDP:c:\program files\css\hl2.exe:hl2
    "UDP Query User{A7391A47-23E6-4F58-ACEC-DD126FFE456F}c:\\program files\\css\\hl2.exe"= TCP:c:\program files\css\hl2.exe:hl2
    "TCP Query User{5B91D1B4-4D0D-4392-B877-7605B8FE1A0C}c:\\program files\\css\\srcds.exe"= UDP:c:\program files\css\srcds.exe:srcds
    "UDP Query User{B0D44996-1DFD-4C13-9FB0-FB239079A96A}c:\\program files\\css\\srcds.exe"= TCP:c:\program files\css\srcds.exe:srcds
    "TCP Query User{A9F96E00-45E6-49C4-A318-F1A387CFC15E}c:\\program files\\steam\\steamapps\\tonikokko\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\tonikokko\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{52B86BB3-139B-41C0-9A76-7E0ACD830A9F}c:\\program files\\steam\\steamapps\\tonikokko\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\tonikokko\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{352C5FB1-A302-4D84-A303-94FC6280B1D8}c:\\program files\\steam\\steamapps\\tonikokko\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\steam\steamapps\tonikokko\condition zero deleted scenes\hl.exe:Half-Life Launcher
    "UDP Query User{B5482BF4-55AD-420C-A6AB-F7B0D353C806}c:\\program files\\steam\\steamapps\\tonikokko\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\steam\steamapps\tonikokko\condition zero deleted scenes\hl.exe:Half-Life Launcher
    "TCP Query User{8F8E66C1-9816-4E0E-95E3-78DC8B2BD9FD}c:\\program files\\steam\\steamapps\\tonikokko\\deathmatch classic\\hl.exe"= UDP:c:\program files\steam\steamapps\tonikokko\deathmatch classic\hl.exe:Half-Life Launcher
    "UDP Query User{C4018428-4558-4595-A0C3-49A90D49A7B9}c:\\program files\\steam\\steamapps\\tonikokko\\deathmatch classic\\hl.exe"= TCP:c:\program files\steam\steamapps\tonikokko\deathmatch classic\hl.exe:Half-Life Launcher
    "TCP Query User{DCFA1FCE-D408-47CD-8571-0105ACFA2916}c:\\program files\\steam\\steamapps\\tonikokko\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\tonikokko\day of defeat\hl.exe:Half-Life Launcher
    "UDP Query User{62519076-C4D5-4189-AFA3-FB99447E71D0}c:\\program files\\steam\\steamapps\\tonikokko\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\tonikokko\day of defeat\hl.exe:Half-Life Launcher
    "TCP Query User{0036597C-6744-46E1-87AB-B5DA7022EA80}c:\\program files\\steam\\steamapps\\tonikokko\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\tonikokko\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{663FFDC6-AE4E-48C0-A372-E2D9606A88CA}c:\\program files\\steam\\steamapps\\tonikokko\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\tonikokko\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{CA0AAE20-34D5-4F87-9E3A-BDFB0BDB4D71}c:\\program files\\steam\\steamapps\\tonikokko\\ricochet\\hl.exe"= UDP:c:\program files\steam\steamapps\tonikokko\ricochet\hl.exe:Half-Life Launcher
    "UDP Query User{0CD7D344-BF25-4DBC-BB9F-A077320A0F5C}c:\\program files\\steam\\steamapps\\tonikokko\\ricochet\\hl.exe"= TCP:c:\program files\steam\steamapps\tonikokko\ricochet\hl.exe:Half-Life Launcher
    "TCP Query User{A91F8163-967F-4925-AADE-F07576322012}c:\\program files\\steam\\steamapps\\tonikokko\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\steam\steamapps\tonikokko\condition zero deleted scenes\hl.exe:Half-Life Launcher
    "UDP Query User{28567FE8-4FFA-485F-9801-A152048863F2}c:\\program files\\steam\\steamapps\\tonikokko\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\steam\steamapps\tonikokko\condition zero deleted scenes\hl.exe:Half-Life Launcher
    "TCP Query User{E9852CC0-029E-4A0C-8096-FD6ECFAB0A90}c:\\program files\\steam\\steamapps\\tonikokko\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\tonikokko\dedicated server\hlds.exe:HLDS Launcher
    "UDP Query User{0C665345-3CA8-457E-81C9-6BC344EC98A4}c:\\program files\\steam\\steamapps\\tonikokko\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\tonikokko\dedicated server\hlds.exe:HLDS Launcher
    "TCP Query User{687C75CE-4F7D-40F5-8C14-87714F9F9416}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:war3
    "UDP Query User{7D83C4AA-B864-4BB7-8ECA-0879524333EC}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:war3
    "TCP Query User{01937352-B3E0-4023-A301-3C31B8535E5D}c:\\program files\\free internet tv\\internettv.exe"= UDP:c:\program files\free internet tv\internettv.exe:Free Internet TV
    "UDP Query User{1BD9AA70-B7FD-479B-B7F9-B827DD9D7ECB}c:\\program files\\free internet tv\\internettv.exe"= TCP:c:\program files\free internet tv\internettv.exe:Free Internet TV
    "TCP Query User{CC790F40-F1A4-425E-9896-B90D44EA42DB}c:\\program files\\imesh applications\\imesh\\imesh.exe"= UDP:c:\program files\imesh applications\imesh\imesh.exe:iMesh
    "UDP Query User{5FA2CC62-D1E6-48F4-A379-97881541C956}c:\\program files\\imesh applications\\imesh\\imesh.exe"= TCP:c:\program files\imesh applications\imesh\imesh.exe:iMesh
    "{8D434BBF-7B9D-4766-95C6-6BB933BFB15D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{424FA59B-44ED-4B85-90AA-433062FB3C35}c:\\program files\\steam\\steamapps\\tonikokko\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\tonikokko\half-life 2 deathmatch\hl2.exe:hl2
    "UDP Query User{3F7F8D91-AF39-4FB4-918E-106C2CDCCC38}c:\\program files\\steam\\steamapps\\tonikokko\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\tonikokko\half-life 2 deathmatch\hl2.exe:hl2
    "TCP Query User{B96D695D-8CC8-4D07-A5DD-791BD6310D28}c:\\program files\\steam\\steamapps\\tonikokko\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\tonikokko\source dedicated server\srcds.exe:srcds
    "UDP Query User{19313382-DAC4-4AA3-8867-F5146EA31C8D}c:\\program files\\steam\\steamapps\\tonikokko\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\tonikokko\source dedicated server\srcds.exe:srcds
    "TCP Query User{91DC95F0-E22E-4614-9B14-F6BEAD27C789}c:\\program files\\steam\\steamapps\\tonikokko\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\tonikokko\team fortress 2\hl2.exe:hl2
    "UDP Query User{C105F45B-E023-42E8-8B91-3CC995C607C8}c:\\program files\\steam\\steamapps\\tonikokko\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\tonikokko\team fortress 2\hl2.exe:hl2
    "TCP Query User{44BB0EE4-F377-469A-B4D6-D80175D9CECA}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "UDP Query User{91B64548-43FD-4AED-B58F-8FBC4770020B}c:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "TCP Query User{4BC51E23-3733-41AC-9162-923CB1A596DB}c:\\program files\\gamespy arcade\\aphex.exe"= UDP:c:\program files\gamespy arcade\aphex.exe:GameSpy Arcade
    "UDP Query User{6C88CB19-9F83-4819-BA76-DC7374CC48B2}c:\\program files\\gamespy arcade\\aphex.exe"= TCP:c:\program files\gamespy arcade\aphex.exe:GameSpy Arcade
    "TCP Query User{756DFC95-D7CB-480C-8032-848E784C0710}c:\\program files\\steam\\steamapps\\tonikokko\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tonikokko\day of defeat source\hl2.exe:hl2
    "UDP Query User{0554D116-1219-42FC-9796-E62DB27BBDAE}c:\\program files\\steam\\steamapps\\tonikokko\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tonikokko\day of defeat source\hl2.exe:hl2
    "TCP Query User{79DA9B44-7689-4B4E-8547-36F63DFCC028}c:\\users\\toni kokko\\appdata\\local\\temp\\wzse1.tmp\\symnrt.exe"= UDP:c:\users\toni kokko\appdata\local\temp\wzse1.tmp\symnrt.exe:symnrt.exe
    "UDP Query User{C3336B92-104F-40A9-872B-0AAE6917CC4E}c:\\users\\toni kokko\\appdata\\local\\temp\\wzse1.tmp\\symnrt.exe"= TCP:c:\users\toni kokko\appdata\local\temp\wzse1.tmp\symnrt.exe:symnrt.exe
    "TCP Query User{3F2C2531-6397-40DC-BBD1-7DE0D99FD42A}c:\\program files\\xchat\\xchat.exe"= UDP:c:\program files\xchat\xchat.exe:XChat IRC Client
    "UDP Query User{48B44EDE-07F6-4F3F-9219-93D4073BD322}c:\\program files\\xchat\\xchat.exe"= TCP:c:\program files\xchat\xchat.exe:XChat IRC Client
    "TCP Query User{1807DC00-4740-4285-BAEB-7A470FA25F6A}c:\\program files\\steam\\steamapps\\avigga\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\avigga\source dedicated server\srcds.exe:srcds
    "UDP Query User{BD3881C9-8577-4878-AE50-71EA1E2F7981}c:\\program files\\steam\\steamapps\\avigga\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\avigga\source dedicated server\srcds.exe:srcds
    "TCP Query User{632A9822-2366-4C5F-9946-BCF45217B019}c:\\program files\\swarmplayer\\swarmplayer.exe"= UDP:c:\program files\swarmplayer\swarmplayer.exe:swarmplayer
    "UDP Query User{D770F340-9627-4C5A-BC38-EE624EC0EF76}c:\\program files\\swarmplayer\\swarmplayer.exe"= TCP:c:\program files\swarmplayer\swarmplayer.exe:swarmplayer
    "TCP Query User{7025C92C-326F-4C80-9A40-235F04872E01}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{0B0B6EFB-3F50-4C76-B1BB-5FA2C9C64DBE}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
    "{F22F34CA-F474-47F7-833D-8C7E3F512871}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{85F9CF5B-1363-454B-BDA0-88D6D5BCE2BF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{D0677DA9-934F-4B03-A63A-71F8AD9CE7F5}c:\\program files\\steam\\steamapps\\avigga\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\avigga\team fortress 2\hl2.exe:hl2
    "UDP Query User{C6A4E485-9C63-46C1-9603-D10E6AFC14BB}c:\\program files\\steam\\steamapps\\avigga\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\avigga\team fortress 2\hl2.exe:hl2
    "TCP Query User{8BA66BAE-D314-44B6-A811-C5A824532414}c:\\program files\\steam\\steamapps\\avigga\\half-life 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\avigga\half-life 2\hl2.exe:hl2
    "UDP Query User{6C2708B7-E72C-41D1-A6DD-E8C1D4D866D5}c:\\program files\\steam\\steamapps\\avigga\\half-life 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\avigga\half-life 2\hl2.exe:hl2
    "{C59E32F3-0600-4929-83DD-328BB51CC2C4}"= UDP:c:\program files\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe:Blizzard Downloader
    "{F92C8592-E8E1-4274-ADC1-E04D4EDDA2BB}"= TCP:c:\program files\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe:Blizzard Downloader
    "{228A0F0F-7A6F-4DE6-863A-0C6800D88497}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:Blizzard Downloader
    "{A5049911-5EDC-493D-95BF-668F714F538B}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:Blizzard Downloader
    "TCP Query User{EFF679D8-A571-41C8-9097-6D009425FFF8}c:\\program files\\world of warcraft\\world of warcraft\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\world of warcraft\world of warcraft\repair.exe:Blizzard Repair Utility
    "UDP Query User{C6DD3040-93B6-4B22-9AA3-AC0041DF3E95}c:\\program files\\world of warcraft\\world of warcraft\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\world of warcraft\world of warcraft\repair.exe:Blizzard Repair Utility
    "{8F16C087-9E09-476E-9653-28B6D03710FB}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enGB-downloader.exe:Blizzard Downloader
    "{30D23163-90AF-455E-BBFB-2A7A9D8A6950}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enGB-downloader.exe:Blizzard Downloader
    "{4ED71020-8DAB-461E-A011-FF9054A4F98F}"= UDP:3724:Blizzard Downloader: 3724
    "TCP Query User{A48F3969-7B98-4FEF-A123-7729F99FB69C}c:\\users\\toni kokko\\desktop\\lierox_v0.56_pack_1.9\\lierox v0.56 pack 1.9\\lierox.exe"= UDP:c:\users\toni kokko\desktop\lierox_v0.56_pack_1.9\lierox v0.56 pack 1.9\lierox.exe:lierox.exe
    "UDP Query User{9FDDD62B-6350-4110-AF53-4737FD530DBF}c:\\users\\toni kokko\\desktop\\lierox_v0.56_pack_1.9\\lierox v0.56 pack 1.9\\lierox.exe"= TCP:c:\users\toni kokko\desktop\lierox_v0.56_pack_1.9\lierox v0.56 pack 1.9\lierox.exe:lierox.exe
    "TCP Query User{D5ECF7FC-3CA4-4EBF-94E6-CE7E719C438D}c:\\users\\toni kokko\\desktop\\lierox_v0.56_pack_1.9\\lierox v0.56 pack 1.9\\lierox.exe"= UDP:c:\users\toni kokko\desktop\lierox_v0.56_pack_1.9\lierox v0.56 pack 1.9\lierox.exe:lierox.exe
    "UDP Query User{CEC1032E-1DF7-4CF6-B0BD-4B9ECFB8A640}c:\\users\\toni kokko\\desktop\\lierox_v0.56_pack_1.9\\lierox v0.56 pack 1.9\\lierox.exe"= TCP:c:\users\toni kokko\desktop\lierox_v0.56_pack_1.9\lierox v0.56 pack 1.9\lierox.exe:lierox.exe
    "{77FAE065-C5AB-4851-A183-EE612AF46CC8}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{25634C9B-2C05-450D-B0AA-03952E3E3D3D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{66E0E986-796C-4553-8F29-3580DF0903B8}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
    "{A052AC37-EA62-4011-B0FD-D1A0946168DA}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
    "TCP Query User{C415CF1E-6660-4D46-80CE-899F0502C701}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{BCA21BF4-4166-4BB1-B95C-DA5C6CFDA864}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{26751923-DEFB-4A76-B360-5EE6BD2F1E8C}c:\\program files\\imesh applications\\imesh\\imesh.exe"= Disabled:UDP:c:\program files\imesh applications\imesh\imesh.exe:iMesh
    "UDP Query User{19B221A2-173E-4CE8-A4F5-DAD2A22BA0C5}c:\\program files\\imesh applications\\imesh\\imesh.exe"= Disabled:TCP:c:\program files\imesh applications\imesh\imesh.exe:iMesh
    "{4A3E76A5-F956-422C-A8B5-78D8DCE2B678}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{42161E04-D772-488E-A978-0F12110F6EF8}"= UDP:c:\users\Toni Kokko\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
    "{C468BB28-F1EE-41BE-ADB4-0BCE04554273}"= TCP:c:\users\Toni Kokko\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
    "{633A8E51-2411-4FDE-B3CC-9DC01825D5C2}"= UDP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Windows Anytime Upgrade
    "{2C14C3C3-87EE-41D3-A496-4AA3D1483D3F}"= TCP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Windows Anytime Upgrade
    "TCP Query User{F768F1E8-5EEF-4026-A257-C7565322B2E6}c:\\program files\\ea games\\battlefield 1942 multiplayer demo\\bf1942demo.exe"= UDP:c:\program files\ea games\battlefield 1942 multiplayer demo\bf1942demo.exe:BF1942Demo
    "UDP Query User{7EB8ACDF-91C8-4741-A8ED-51ABFBC969B2}c:\\program files\\ea games\\battlefield 1942 multiplayer demo\\bf1942demo.exe"= TCP:c:\program files\ea games\battlefield 1942 multiplayer demo\bf1942demo.exe:BF1942Demo
    "TCP Query User{1F434D85-F1EE-4188-8755-A11E6A925DE5}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{2D4E99AC-189D-4964-B304-AFB4FEAAB02E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "TCP Query User{8143E39D-73F6-4DD2-84BE-BE9E9F2CDBC2}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{989DAD0E-DE07-48CE-957A-A99DFE9B5578}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "TCP Query User{BF323C2F-DF04-41BB-B5E3-754432559C31}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
    "UDP Query User{56AC46F7-6FAB-4504-9A98-426B0C3AC0F5}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
    "c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

    R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-01-12 33408]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [2009-01-12 66720]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2009-01-12 35552]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-01-12 70944]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsvista.sys [2009-01-12 12384]
    R2 BWH32S;BWH32S;c:\program files\BUFFALO\clientmgrv\bin\BWH32S.exe [2008-10-07 57912]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2009-01-12 72288]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [2009-01-12 55904]
    R3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;c:\windows\System32\drivers\usb8023.sys [2008-05-24 15872]
    S3 Bufeap;BUFFALO EAP Driver;c:\windows\System32\drivers\BUFEAP.sys [2008-10-07 14848]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2007-05-11 329728]
    S3 StickCap;Digital TV DVB-T USB Stick adapter service;c:\windows\System32\drivers\stickcap.sys [2008-10-22 15744]
    S3 stickload;Digital TV stick firmware loader service;c:\windows\System32\drivers\stickload.sys [2008-10-22 17024]
    S4 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [2009-01-12 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [2009-01-12 25184]

    --- Muut muistissa olevat ajurit/palvelut ---

    *NewlyCreated* - CLCAPSVC
    *NewlyCreated* - CLSCHED
    .
    'Ajoitetut tehtävät'-kansion sisältö

    2009-02-09 c:\windows\Tasks\User_Feed_Synchronization-{C68C7EA6-5ACB-42EA-BD75-B52875D630F3}.job
    - c:\windows\system32\msfeedssync.exe [18.01.2008 22:33]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=73&bd=Pavilion&pf=laptop
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
    FF - ProfilePath - c:\users\Järjestelmänvalvoja2\AppData\Roaming\Mozilla\Firefox\Profiles\ffxj30ae.default\
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-10 17:07:37
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll

    - - - - - - - > 'lsass.exe'(704)
    c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll

    - - - - - - - > 'csrss.exe'(588)
    c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll

    - - - - - - - > 'csrss.exe'(652)
    c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
    .
    Valmistumisajankohta: 10.02.2009 17:11:14
    ComboFix-quarantined-files.txt 2009-02-10 15:11:09
    ComboFix2.txt 2008-12-17 11:08:13

    Ennen ajoa: 57 394 716 672 tavua vapaana
    Ajon jälkeen: 57,144,512,512 tavua vapaana

    400 --- E O F --- 2009-02-10 09:06:42
     
  6. Hujo

    Hujo Guest

    SUPERAntiSpyware is there on the computer; update it and run a scan.
     
  7. tonikokko

    tonikokko Regular member

    Hmm. Do you know how long that scan takes?
     
  8. tonikokko

    tonikokko Regular member

    It didn't find anything.

    What do I do next?
     
  9. tonikokko

    tonikokko Regular member

    What do I do now, Hujo?

    New HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:14:53, on 10.2.2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\EHTray.exe
    C:\Windows\Explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files\BUFFALO\clientmgrv\bin\BWH32S.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 5500 bytes
     
  10. Hujo

    Hujo Guest

    The log is OK

    ==========

    Type this in the Run box

    combo>Fix /u

    Click OK
     
    Last edited by a moderator: Feb 10, 2009
  11. tonikokko

    tonikokko Regular member

    OK, but have those 3 viruses gone from the computer?
    I'll scan the whole computer again with F-Secure and then post the log.
     
  12. Hujo

    Hujo Guest

    Heh, I'd put Avast on the computer and throw F-Secure out.
     
  13. tonikokko

    tonikokko Regular member

    Does Avast have a block feature against attackers on the computer like F-Secure does? Why is F-Secure bad?
    Should I install Avast once this F-Secure license runs out?
     
  14. tonikokko

    tonikokko Regular member

    Do you know whether Aero slows Vista down?
     
  15. tonikokko

    tonikokko Regular member

    Hey Hujo! Do you mean I should type ComboFix /u in the Run box? Because you had written combo>Fix /u to me.
     
  16. Hujo

    Hujo Guest

    Yes, like that:
    ComboFix /u

    Click OK

    ============

    Yeah, I'd be in favour of Avast.
    Avast does complain loudly when you try to get
    something onto the computer that doesn't belong there. Of course that depends on the signatures.
    Have you ever used Avast?

    Ex-F-Secure user, a long time ago.
     
    Last edited by a moderator: Feb 10, 2009
  17. tonikokko

    tonikokko Regular member

    Yes, the trial version. Do you have the paid one or the free one?
     
  18. Hujo

    Hujo Guest

    I've had the free one on the computer.
    Now I'm testing Norton, since it was on the motherboard CD;
    that kind of luxury was included there.
     
  19. tonikokko

    tonikokko Regular member

    Yeah. So is Norton good? Which is better, Avast or Norton?
     
  20. tonikokko

    tonikokko Regular member

    In my opinion the worst antivirus program is Norman. If it finds something, it can't remove it :D. The best is F-Secure or Avast. After this license I'll get Avast, since I hear it's better than this F-Secure :D
     
