So, I have 32-bit Vista Ultimate, and my problem is that the icons keep disappearing and the taskbar keeps disappearing too, and then they reappear again, just as if Explorer were shutting down and restarting continuously. When I look in Task Manager, a program called COM Surrogate keeps shutting down and starting up again. Could this problem be caused by some kind of infection? Here is my HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:27, on 11.5.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvutTNDT.dll,#1
O4 - HKCU\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [{47C3F792-4D79-EDD4-FF21-4A66C8A8DE0C}] C:\Users\Jani\AppData\Roaming\marikita.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jani\AppData\Local\Temp\awtrRJca.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jani\AppData\Local\Temp\ssQiFvSI.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7647 bytes
Remove Burn4Free Toolbar via Add/Remove Programs.
Delete this folder in Safe Mode: C:\Program Files\Burn4Free Toolbar
===========
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
============
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.
ComboFix 08-05-11.1 - Jani 2008-05-12 18:17:19.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1035.18.1297 [GMT 3:00]
Running from: C:\Users\Jani\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Jani\AppData\Roaming\addon.dat
C:\Windows\msvrc20.dll
D:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-12 to 2008-05-12 )))))))))))))))))
.
2038-10-04 20:11 . 2007-11-20 16:41 4,096 --a------ C:\Windows\System32\78201.sys
2008-05-11 14:51 . 2008-05-11 14:51 761,856 --a------ C:\Users\Jani\vlc-0.8.6d-win32.zip
2008-05-11 14:50 . 2008-05-11 14:50 2,099,200 --a------ C:\Users\Jani\vlc-0.8.6d-win32.exe
2008-05-11 13:09 . 2008-05-11 13:09 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-10 18:42 . 2008-05-10 18:42 59,904 --a------ C:\Windows\System32\wvutTNDT.dll
2008-05-08 19:29 . 2008-05-08 19:29 <KANSIO> d-------- C:\Users\Jani\AppData\Roaming\Touchstone
2008-05-08 19:28 . 2008-05-08 19:28 <KANSIO> d--h----- C:\Windows\msdownld.tmp
2008-05-07 23:40 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-05-03 15:57 . 2008-05-03 15:57 <KANSIO> dr------- C:\Users\Public\Downloads
2008-05-03 15:47 . 2008-05-03 15:47 <KANSIO> d-------- C:\PerfLogs
2008-05-03 14:16 . 2008-01-19 10:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-05-03 14:15 . 2008-01-19 10:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-03 14:14 . 2008-01-19 09:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-03 14:13 . 2008-01-19 10:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-03 14:13 . 2008-01-05 14:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-03 14:13 . 2008-01-05 14:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-05-03 14:13 . 2008-01-05 14:32 120,458 --a------ C:\Windows\System32\secpol.msc
2008-05-03 14:13 . 2008-01-05 14:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-05-03 14:13 . 2008-01-05 14:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-03 14:12 . 2008-01-19 10:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-03 14:12 . 2008-01-19 10:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-03 14:12 . 2008-01-19 10:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-03 14:11 . 2008-01-19 10:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-03 14:11 . 2008-01-19 10:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-03 14:09 . 2008-01-19 10:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-03 14:09 . 2008-01-19 10:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-03 14:09 . 2008-01-19 10:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-03 14:09 . 2008-01-19 10:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-29 17:00 . 2008-04-29 17:00 <KANSIO> d-------- C:\Users\All Users\Futuremark
2008-04-29 17:00 . 2008-04-29 17:00 <KANSIO> d-------- C:\ProgramData\Futuremark
2008-04-29 15:56 . 2008-04-29 15:56 <KANSIO> d-------- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2008-04-29 15:48 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-04-29 15:48 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-04-29 15:48 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-04-29 15:48 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-04-29 15:48 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-04-29 15:48 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-04-23 21:45 . 2008-04-24 20:26 <KANSIO> d-------- C:\Users\Jani\AppData\Roaming\Hamachi
2008-04-23 21:44 . 2008-04-23 21:44 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-04-17 15:17 . 2008-04-17 15:17 <KANSIO> d-------- C:\Program Files\Apple Software Update
2008-04-16 21:43 . 2008-04-28 19:32 <KANSIO> d-------- C:\Program Files\Audacity
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 11:17 --------- d-----w C:\ProgramData\NVIDIA
2008-05-10 10:14 --------- d-----w C:\Program Files\Steam
2008-05-10 10:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 17:57 --------- d-----w C:\Program Files\Ubisoft
2008-05-07 13:16 --------- d-----w C:\Program Files\Last.fm
2008-05-03 12:57 174 --sha-w C:\Program Files\desktop.ini
2008-05-03 12:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-03 12:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-03 12:48 --------- d-----w C:\Program Files\Windows Mail
2008-05-03 12:48 --------- d-----w C:\Program Files\Windows Journal
2008-05-03 12:48 --------- d-----w C:\Program Files\Windows Defender
2008-05-03 12:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-03 12:48 --------- d-----w C:\Program Files\Windows Calendar
2008-05-03 12:38 1,774,593 ----a-w C:\Users\Jani\AppData\Roaming\marikita.exe
2008-05-03 12:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-03 12:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-29 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 05:53 27,672 ----a-r C:\Windows\system32\drivers\Entech.sys
2008-04-19 12:48 --------- d-----w C:\Users\Jani\AppData\Roaming\LimeWire
2008-04-11 14:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-11 13:02 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-11 13:02 22,328 ----a-w C:\Users\Jani\AppData\Roaming\PnkBstrK.sys
2008-04-11 13:02 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-04-11 13:02 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-11 13:02 --------- d-----w C:\ProgramData\Ubisoft
2008-04-11 04:36 --------- d-----w C:\Program Files\DivX
2008-04-09 13:11 --------- d-----w C:\ProgramData\Apple Computer
2008-04-09 13:11 --------- d-----w C:\Program Files\iTunes
2008-04-09 13:11 --------- d-----w C:\Program Files\iPod
2008-04-09 13:10 --------- d-----w C:\Program Files\QuickTime
2008-04-07 15:13 --------- d-----w C:\Users\Jani\AppData\Roaming\InstallShield
2008-04-07 15:13 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-04-03 13:33 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-28 13:56 --------- d-----w C:\Program Files\Java
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-20 16:32 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-03-20 16:32 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-13 19:36 --------- d-----w C:\Program Files\Burn4Free
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:14 223,744 ----a-w C:\Windows\System32\b4fm.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2007-12-11 15:22 81,920 ----a-w C:\Users\Jani\AppData\Roaming\ezpinst.exe
2007-12-11 15:22 47,360 ----a-w C:\Users\Jani\AppData\Roaming\pcouffin.sys
2007-10-03 15:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-03 15:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-03 15:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
------- Sigcheck -------
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 16:03 93208]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
"{47C3F792-4D79-EDD4-FF21-4A66C8A8DE0C}"="C:\Users\Jani\AppData\Roaming\marikita.exe" [2008-05-03 15:38 1774593]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 10:38 1008184]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 12:02 4718592 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 19:15 1826816 C:\Windows\SkyTel.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"MSServer"="C:\Windows\system32\wvutTNDT.dll" [2008-05-10 18:42 59904]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
files\mozilla firefox\firefox.exe:Firefox "UDP Query User{A8E92046-9FB7-4E2D-B0E1-DC6BAFAE7C71}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{53DBAF39-DE7D-4740-BC1E-AA361CCEF0D6}C:\\users\\jani\\desktop\\tdu\\testdriveunlimited.exe"= UDP:C:\users\jani\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe "UDP Query User{C8786BA4-B3F5-4E4E-AAD6-C1DE481CF5FD}C:\\users\\jani\\desktop\\tdu\\testdriveunlimited.exe"= TCP:C:\users\jani\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe "TCP Query User{1E65291B-18E6-4EB4-B6BD-96AF321D04A8}C:\\program files\\capcom\\lost planet extreme condition\\lostplanetdx10.exe"= UDP:C:\program files\capcom\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10 "UDP Query User{C6D24534-92E3-4655-A1ED-26052D8ACE9D}C:\\program files\\capcom\\lost planet extreme condition\\lostplanetdx10.exe"= TCP:C:\program files\capcom\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10 "TCP Query User{46AA20DC-6E5C-4405-8860-C711E55E8DA8}C:\\program files\\steam\\steamapps\\jantura\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\jantura\counter-strike source\hl2.exe:hl2 "UDP Query User{D1F3FDBF-00E4-4FA8-BE21-552270933965}C:\\program files\\steam\\steamapps\\jantura\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\jantura\counter-strike source\hl2.exe:hl2 "{4F440F28-88F2-4BE9-8618-806EC1AB3292}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{E8CC7186-1A76-4598-BD79-8AA7EAD89BDD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{B5FF313F-868F-4A4A-A924-FD1C04557161}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{FE124297-BA92-4AAC-BEA9-0DAA6D54A4E9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{0B871698-2678-46D1-82B2-DC793346E797}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{12768F5A-C54D-44E7-AE5B-7DC7B9AD6244}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{42473821-5491-4C87-87B7-20F0E0D66E39}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{AC508FA5-3532-4B7E-A738-F3514FAF0850}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{FFE94575-B410-45DC-9775-131A24001750}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{03180CD1-A354-4E3C-9B1B-BFB753C5E2C7}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "TCP Query User{66625D35-B1BB-4588-B580-2D19BBEA8ED5}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client "UDP Query User{C5E0FEA8-502F-4EDE-9BA6-10925CBC3E94}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client "TCP Query User{F2D556CE-6EE9-40E8-A40F-988E4333E2C2}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= UDP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis "UDP Query User{CAFCC4D0-FA27-4E72-9610-A54F47B80BB7}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= TCP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis "TCP Query User{66288AD5-593F-4478-9CB1-D4689F309FED}C:\\users\\jani\\desktop\\turok.full-rip.skullptura\\turok\\binaries\\turokgame.exe"= UDP:C:\users\jani\desktop\turok.full-rip.skullptura\turok\binaries\turokgame.exe:turokgame.exe "UDP Query User{EB266C17-386E-4439-836F-479DEA89E3BE}C:\\users\\jani\\desktop\\turok.full-rip.skullptura\\turok\\binaries\\turokgame.exe"= TCP:C:\users\jani\desktop\turok.full-rip.skullptura\turok\binaries\turokgame.exe:turokgame.exe R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2006-07-11 10:30] R1 aswSP;avast! 
Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 20:31] R2 78201;78201;C:\Windows\System32\78201.sys [2007-11-20 16:41] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 20:32] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 17:41] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 16:33] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc17722d-71c5-11dc-99d4-806e6f6e6963}] \shell\AutoRun\command - E:\.\Bin\Assetup.exe *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . 'Ajoitetut tehtävät'-kansion sisältö "2008-05-11 17:00:16 C:\Windows\Tasks\AwcProUpdate.job" - C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex - C:\Program Files\IObit\Advanced WindowsCare V2 Pro\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-12 18:21:20 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-12 18:22:58 ComboFix-quarantined-files.txt 2008-05-12 15:22:37 Pre-Run: 86,775,504,896 tavua vapaana Post-Run: 86,749,749,248 tavua vapaana 319 --- E O F --- 2008-05-09 08:59:27
files\mozilla firefox\firefox.exe:Firefox "UDP Query User{A8E92046-9FB7-4E2D-B0E1-DC6BAFAE7C71}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{53DBAF39-DE7D-4740-BC1E-AA361CCEF0D6}C:\\users\\jani\\desktop\\tdu\\testdriveunlimited.exe"= UDP:C:\users\jani\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe "UDP Query User{C8786BA4-B3F5-4E4E-AAD6-C1DE481CF5FD}C:\\users\\jani\\desktop\\tdu\\testdriveunlimited.exe"= TCP:C:\users\jani\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe "TCP Query User{1E65291B-18E6-4EB4-B6BD-96AF321D04A8}C:\\program files\\capcom\\lost planet extreme condition\\lostplanetdx10.exe"= UDP:C:\program files\capcom\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10 "UDP Query User{C6D24534-92E3-4655-A1ED-26052D8ACE9D}C:\\program files\\capcom\\lost planet extreme condition\\lostplanetdx10.exe"= TCP:C:\program files\capcom\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10 "TCP Query User{46AA20DC-6E5C-4405-8860-C711E55E8DA8}C:\\program files\\steam\\steamapps\\jantura\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\jantura\counter-strike source\hl2.exe:hl2 "UDP Query User{D1F3FDBF-00E4-4FA8-BE21-552270933965}C:\\program files\\steam\\steamapps\\jantura\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\jantura\counter-strike source\hl2.exe:hl2 "{4F440F28-88F2-4BE9-8618-806EC1AB3292}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{E8CC7186-1A76-4598-BD79-8AA7EAD89BDD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{B5FF313F-868F-4A4A-A924-FD1C04557161}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{FE124297-BA92-4AAC-BEA9-0DAA6D54A4E9}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{0B871698-2678-46D1-82B2-DC793346E797}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{12768F5A-C54D-44E7-AE5B-7DC7B9AD6244}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB 
"{42473821-5491-4C87-87B7-20F0E0D66E39}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{AC508FA5-3532-4B7E-A738-F3514FAF0850}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{FFE94575-B410-45DC-9775-131A24001750}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{03180CD1-A354-4E3C-9B1B-BFB753C5E2C7}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "TCP Query User{66625D35-B1BB-4588-B580-2D19BBEA8ED5}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client "UDP Query User{C5E0FEA8-502F-4EDE-9BA6-10925CBC3E94}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client "TCP Query User{F2D556CE-6EE9-40E8-A40F-988E4333E2C2}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= UDP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis "UDP Query User{CAFCC4D0-FA27-4E72-9610-A54F47B80BB7}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= TCP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis "TCP Query User{66288AD5-593F-4478-9CB1-D4689F309FED}C:\\users\\jani\\desktop\\turok.full-rip.skullptura\\turok\\binaries\\turokgame.exe"= UDP:C:\users\jani\desktop\turok.full-rip.skullptura\turok\binaries\turokgame.exe:turokgame.exe "UDP Query User{EB266C17-386E-4439-836F-479DEA89E3BE}C:\\users\\jani\\desktop\\turok.full-rip.skullptura\\turok\\binaries\\turokgame.exe"= TCP:C:\users\jani\desktop\turok.full-rip.skullptura\turok\binaries\turokgame.exe:turokgame.exe R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2006-07-11 10:30] R1 aswSP;avast! 
Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 20:31]
R2 78201;78201;C:\Windows\System32\78201.sys [2007-11-20 16:41]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 20:32]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 17:41]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 16:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc17722d-71c5-11dc-99d4-806e6f6e6963}]
\shell\AutoRun\command - E:\.\Bin\Assetup.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
'Ajoitetut tehtävät'-kansion sisältö
"2008-05-11 17:00:16 C:\Windows\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 18:21:20
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 18:22:58
ComboFix-quarantined-files.txt 2008-05-12 15:22:37
Pre-Run: 86,775,504,896 tavua vapaana
Post-Run: 86,749,749,248 tavua vapaana
319 --- E O F --- 2008-05-09 08:59:27
files\mozilla firefox\firefox.exe:Firefox "UDP Query User{A8E92046-9FB7-4E2D-B0E1-DC6BAFAE7C71}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{53DBAF39-DE7D-4740-BC1E-AA361CCEF0D6}C:\\users\\jani\\desktop\\tdu\\testdriveunlimited.exe"= UDP:C:\users\jani\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe "UDP Query User{C8786BA4-B3F5-4E4E-AAD6-C1DE481CF5FD}C:\\users\\jani\\desktop\\tdu\\testdriveunlimited.exe"= TCP:C:\users\jani\desktop\tdu\testdriveunlimited.exe:testdriveunlimited.exe "TCP Query User{1E65291B-18E6-4EB4-B6BD-96AF321D04A8}C:\\program files\\capcom\\lost planet extreme condition\\lostplanetdx10.exe"= UDP:C:\program files\capcom\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10 "UDP Query User{C6D24534-92E3-4655-A1ED-26052D8ACE9D}C:\\program files\\capcom\\lost planet extreme condition\\lostplanetdx10.exe"= TCP:C:\program files\capcom\lost planet extreme condition\lostplanetdx10.exe:LostPlanetDx10 "TCP Query User{46AA20DC-6E5C-4405-8860-C711E55E8DA8}C:\\program files\\steam\\steamapps\\jantura\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\jantura\counter-strike source\hl2.exe:hl2 "UDP Query User{D1F3FDBF-00E4-4FA8-BE21-552270933965}C:\\program files\\steam\\steamapps\\jantura\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\jantura\counter-strike source\hl2.exe:hl2 "{4F440F28-88F2-4BE9-8618-806EC1AB3292}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{E8CC7186-1A76-4598-BD79-8AA7EAD89BDD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{B5FF313F-868F-4A4A-A924-FD1C04557161}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{FE124297-BA92-4AAC-BEA9-0DAA6D54A4E9}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{0B871698-2678-46D1-82B2-DC793346E797}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{12768F5A-C54D-44E7-AE5B-7DC7B9AD6244}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB 
"{42473821-5491-4C87-87B7-20F0E0D66E39}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{AC508FA5-3532-4B7E-A738-F3514FAF0850}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{FFE94575-B410-45DC-9775-131A24001750}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{03180CD1-A354-4E3C-9B1B-BFB753C5E2C7}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "TCP Query User{66625D35-B1BB-4588-B580-2D19BBEA8ED5}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client "UDP Query User{C5E0FEA8-502F-4EDE-9BA6-10925CBC3E94}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client "TCP Query User{F2D556CE-6EE9-40E8-A40F-988E4333E2C2}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= UDP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis "UDP Query User{CAFCC4D0-FA27-4E72-9610-A54F47B80BB7}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= TCP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis "TCP Query User{66288AD5-593F-4478-9CB1-D4689F309FED}C:\\users\\jani\\desktop\\turok.full-rip.skullptura\\turok\\binaries\\turokgame.exe"= UDP:C:\users\jani\desktop\turok.full-rip.skullptura\turok\binaries\turokgame.exe:turokgame.exe "UDP Query User{EB266C17-386E-4439-836F-479DEA89E3BE}C:\\users\\jani\\desktop\\turok.full-rip.skullptura\\turok\\binaries\\turokgame.exe"= TCP:C:\users\jani\desktop\turok.full-rip.skullptura\turok\binaries\turokgame.exe:turokgame.exe R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2006-07-11 10:30] R1 aswSP;avast! 
Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 20:31] R2 78201;78201;C:\Windows\System32\78201.sys [2007-11-20 16:41] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 20:32] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 17:41] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 16:33] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc17722d-71c5-11dc-99d4-806e6f6e6963}] \shell\AutoRun\command - E:\.\Bin\Assetup.exe *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . 'Ajoitetut tehtävät'-kansion sisältö "2008-05-11 17:00:16 C:\Windows\Tasks\AwcProUpdate.job" - C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex - C:\Program Files\IObit\Advanced WindowsCare V2 Pro\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-12 18:21:20 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-12 18:22:58 ComboFix-quarantined-files.txt 2008-05-12 15:22:37 Pre-Run: 86,775,504,896 tavua vapaana Post-Run: 86,749,749,248 tavua vapaana 319 --- E O F --- 2008-05-09 08:59:27
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:19:36, on 12.5.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvutTNDT.dll,#1 O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [{47C3F792-4D79-EDD4-FF21-4A66C8A8DE0C}] C:\Users\Jani\AppData\Roaming\marikita.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows 
Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O13 - Gopher Prefix: O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 6455 bytes
Start > Run, type msconfig > OK
Startup tab
Remove the check mark from in front of the following:
jusched
issch
QTTask
nvsvc
isuspm
Apply and OK
Restart the computer, tick the small box and only then press OK

===============

Let's send a file to VirusTotal
virustotal
1 Click the Browse... button
2 Then browse to this file: C:\Windows\system32\wvutTNDT.dll
3 Click the Open button
4 Click the Send button
5 The site scans the file for a moment; then save the results you get, for example in Notepad.

* Click Start.
* Open My Computer.
* Select Tools from the top menu and click Folder Options.
* Select the View tab.
* Under Hidden files and folders, select Show hidden files and folders.
* Uncheck the box -> Hide protected operating system files
* Click Yes to confirm the changes.
* Click OK.
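An added example, not part of the reply above and not HijackThis code: a short Python triage of O4 autostart lines such as those in the posted log, which include the `wvutTNDT.dll` entry the reply asks to upload. The three heuristics and all function names are this example's own assumptions, not the helper's stated reasoning, and a hit marks a candidate for review, not a verdict.

```python
import re

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvutTNDT.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [{47C3F792-4D79-EDD4-FF21-4A66C8A8DE0C}] C:\Users\Jani\AppData\Roaming\marikita.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# rundll32 loading a DLL and calling an export by number (",#1") instead of by name
ORDINAL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>.+?\.dll)"?,#\d+', re.I)
# Run value whose name is nothing but a GUID
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Program started from inside a user profile's AppData tree
APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)
# First executable on the command line, with or without surrounding quotes
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.I)


def triage(log_text):
    """Return [(value_name, target_path, [reasons])] for O4 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 autostart line
        name, cmd = m["name"], m["cmd"]
        reasons = []
        by_ordinal = ORDINAL_RE.search(cmd)
        if by_ordinal:
            # The file to inspect is the DLL, not rundll32 itself.
            target = by_ordinal["dll"]
            reasons.append("rundll32 export called by ordinal")
        else:
            exe = EXE_RE.match(cmd)
            target = exe["exe"] if exe else cmd
        if GUID_RE.fullmatch(name):
            reasons.append("value name is a bare GUID")
        if APPDATA_RE.search(target):
            reasons.append("runs from the user's AppData folder")
        if reasons:
            findings.append((name, target, reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {target}: {'; '.join(reasons)}")
```

The `NvCplDaemon` line is not reported because it calls a named export, which is how the heuristic separates it from the `MSServer` line.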
MD5: 53f69806362edc2aff2e50f84a68784e First received: 05.10.2008 19:33:52 (CET) Date: 05.11.2008 00:15:42 (CET) [>2D] Results: 3/32 Permalink: analisis/492b8633afe83ed2279f4e760fd7d146