So, the TR/Crypt.XPACK.Gen virus is plaguing my computer and I need help from people smarter than me. I found two threads about this, but I still haven't been able to solve my own problem, and I don't know how to read those HJT logs, so I'd like to ask for help with that and with what to do afterwards.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:45, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Perheturva\fssui.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Luomala\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finnish.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Perheturva\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Perheturva\fssui.exe" -autorun
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Users\Luomala\AppData\Local\Temp\{44DE81ED-6F1E-46E0-9761-42BAAD2DEA16}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: Registration Tom Clancy's Rainbow Six
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 12709 bytes
Scan with HJT, tick these and press Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

=================
The machine has Avira, Avast and Norton on it; which one is meant to be used?
================

Create an uninstall list:
• Open HiJackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your thread
Well, I've mainly used Avast, and Avira has mostly been there so that I've run a check with it every now and then while playing games at the same time.. I think I removed Norton; at least it disappeared from the Add/Remove (Programs and Features) list when I removed it from there.

A Stigmator Acrobat.com Acrobat.com Ad-Aware Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9 Age of Empires II & The Conquerors Expansion Age of Empires III Age of Empires III - The WarChiefs AGEIA PhysX v2.3.3 Aliens vs. Predator 2 Allied Intent Xtended 2.0 America's Army Deploy Client America's Army Server Manager Apple Mobile Device Support Apple Software Update Arachnophilia 5.2 Astral Masters Automaattiset valikot (Windows Live Toolbar) avast! Antivirus Avira AntiVir Personal - Free Antivirus Axis & Allies Barbarian Invasion Battlefield 2(TM) Battlefield 2142 Demo Battlefield Vietnam(TM) Blender (remove only) Bonjour Call of Duty(R) 4 - Modern Warfare(TM) Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch CCV Patch 501a Combat Mission Shock Force Combat Revolution Company of Heroes Company of Heroes - D-Day Coop Map Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI Company of Heroes - FAKEMSI CoolBasic 10.4 Counter-Strike 1.6 V31.1 Darwinia v1.42 Dawn of War - Soulstorm Dawn of War - Tyranid Mod v0.45SS DawnOfWar DC++ 0.704 DivX Codec DivX Converter DivX Player DivX Web Player Easy CD-DA Extractor 12 EAX4 Unified
Redist Fallout 3 free-downloads.net Toolbar FreshDiagnose Frets On Fire GameSpy Arcade gmax Google Earth Google Toolbar for Internet Explorer Hamachi 1.0.2.5 Hardware Diagnostic Tools Hearts of Iron 2 HijackThis 2.0.2 HOI2 - Demo Version Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Experience Enhancements HP Easy Setup - Core HP Easy Setup - Frontend HP Picasso Media Center Add-In HP Update ICQ6 Intel(R) Matrix Storage Manager iTunes Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Joint Operations: Escalation Joint Operations: Typhoon Rising Korostuksen katselu (Windows Live Toolbar) Left 4 Dead v1.0.0.5 Little Fighter 2 Toolbar LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Mafia Making History 2.0 Medieval II Total War Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB929729) Microsoft .NET Framework 3.5 Language Pack SP1 - fin Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1:n kielitukipaketti - FI Microsoft Close Combat: A Bridge Too Far Microsoft Games for Windows - LIVE Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Works Mount&Blade Mozilla Firefox (3.0.6) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) Multiwinia v1.0.5 Natural Selection 3.2 Neverwinter Nights 2 Nokia Connectivity Cable Driver NVIDIA Drivers OcxSetup OpenAL OpenOffice.org Installer 1.0 Project Reality 0856 Core Project Reality 0856 Levels Project Reality SP 0.85 Core Project Reality SP 0.85 Mappack 1 PunkBuster for Battlefield Vietnam PunkBuster for Joint Operations PVK Python 2.4.3 Python 3.0 QuickTime Realtek High Definition Audio Driver RedOrchestra Rome - Total War - Alexander Rome - Total War(TM) Rome Total War - patch 1.3 Roxio Creator Audio Roxio Creator Basic v9 Roxio 
Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Sandbox save2pc Pro Demo 3.38 Shadowgrounds Sid Meier's Civilization 4 Sid Meier's Civilization 4 - Beyond the Sword Sid Meier's Civilization 4 - Warlords SiSoftware Sandra Professional Business 2009 Starcraft Steam Steel Panthers World At War v8.20 Sven Co-op 3.0 System Requirements Lab TeamViewer 4 Tehostettu multimedianäppäimistöratkaisu Tom Clancy's Rainbow Six Vegas TSW WebCoder 5 ubi.com Vietcong Vuze Warcraft III Warhammer 40,000: Dawn of War II - Beta Warhammer Mark of Chaos Warhammer Mark of Chaos Manual Patch Winamp Windows Live installer Windows Live Messenger Windows Live OneCare – perheturva Windows Live Toolbar Windows Live Toolbar Windows Live Toolbarin laajennus (Windows Live Toolbar) Windows Liven kirjautumisavustaja Windows Media Player Firefox Plugin WinRAR archiver World in Conflict

Those CoH fake things are apparently cracks(?), since I wanted it to work on both machines (the other one is my brother's laptop), and since the DVD drive on this one is broken I couldn't otherwise play it during the week...
Remove via Add/Remove Programs:

Java(TM) 6 Update 3
Java(TM) 6 Update 5
Avira AntiVir Personal - Free Antivirus
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)

===========
Delete the folders:

C:\Program Files\Avira
C:\Program Files\Common Files\Symantec Shared

==========
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK and then Show Results to view the results.
6. Make sure that everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.
Malwarebytes' Anti-Malware 1.34
Tietokantaversio: 1817
Windows 6.0.6001 Service Pack 1

04/03/2009 22:30:12
mbam-log-2009-03-04 (22-30-12).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 360382
Kulunut aika: 4 hour(s), 4 minute(s), 4 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\free-downloads.net toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)
1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2
Do not install the Recovery Console.
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
ComboFix 09-03-02.01 - Luomala 2009-03-05 7:56:27.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.358.1035.18.2943.2034 [GMT 2:00] Sijainti: c:\users\Luomala\Downloads\ComboFix.exe AV: avast! antivirus 4.7.1098 [VPS 090228-0] *On-access scanning enabled* (Updated) * Uusi palautuspiste luotu . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Luomala\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-05 to 2009-03-05 ))))))))))))))))) . 2009-03-04 18:24 . 2009-03-04 18:24 <KANSIO> d-------- c:\users\Luomala\AppData\Roaming\Malwarebytes 2009-03-04 18:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-03-04 18:23 . 2009-03-04 18:23 <KANSIO> d-------- c:\users\All Users\Malwarebytes 2009-03-04 18:23 . 2009-03-04 18:23 <KANSIO> d-------- c:\programdata\Malwarebytes 2009-03-04 18:23 . 2009-03-04 18:24 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-04 18:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-03-02 22:41 . 2009-03-02 22:41 <KANSIO> d-------- C:\!KillBox 2009-02-28 22:46 . 2009-02-28 22:47 <KANSIO> d-------- c:\program files\Hamachi 2009-02-28 22:46 . 2009-02-28 22:46 25,280 --a------ c:\windows\System32\drivers\hamachi.sys 2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\windows\Easy CD-DA Extractor 12.0 2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\users\All Users\TEMP 2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\users\All Users\Easy CD-DA Extractor 2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\programdata\TEMP 2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\programdata\Easy CD-DA Extractor 2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\program files\Easy CD-DA Extractor 12 2009-02-25 01:35 . 
2009-02-28 22:45 <KANSIO> d-------- C:\Temp 2009-02-25 01:33 . 2009-02-25 01:33 <KANSIO> d-------- c:\program files\ImTOO 2009-02-25 01:29 . 2009-02-25 01:29 <KANSIO> d-------- c:\users\Luomala\AppData\Roaming\Winamp 2009-02-25 01:29 . 2009-02-25 01:29 <KANSIO> d-------- c:\program files\Winamp 2009-02-20 21:22 . 2009-02-16 15:15 108,126,682 --a------ c:\users\Public\Combat_Revolution_Setup_v3.00_FULL.exe 2009-02-20 20:47 . 2009-02-20 20:47 <KANSIO> d-------- c:\users\Luomala\AppData\Roaming\My Games 2009-02-17 17:26 . 2009-02-19 00:13 <KANSIO> d-------- C:\jännempi juttu 2009-02-15 10:29 . 2009-02-15 10:29 <KANSIO> d-------- c:\users\Luomala\temp 2009-02-15 10:29 . 2009-02-15 10:29 <KANSIO> d-------- c:\users\Luomala\AppData\Roaming\TeamViewer 2009-02-15 10:29 . 2009-02-15 10:29 <KANSIO> d-------- c:\program files\TeamViewer 2009-02-12 19:30 . 2009-02-12 19:30 <KANSIO> d-------- c:\program files\Tilester 2009-02-12 19:30 . 2009-02-12 19:30 <KANSIO> d-------- c:\program files\CoolBasic 2009-02-12 08:08 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll 2009-02-12 08:08 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe 2009-02-12 08:08 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe 2009-02-12 08:08 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll 2009-02-12 08:08 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll 2009-02-12 08:08 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll 2009-02-12 08:08 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl 2009-02-12 08:08 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll 2009-02-12 08:00 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll 2009-02-12 08:00 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll 2009-02-12 08:00 . 
2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll 2009-02-12 07:59 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll 2009-02-12 07:59 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll 2009-02-12 07:31 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-12 07:31 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-12 07:30 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-12 07:30 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-12 07:30 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-11 13:40 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-11 13:39 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-05 05:54 --------- d-----w c:\users\Luomala\AppData\Roaming\Hamachi 2009-03-05 05:19 --------- d-----w c:\program files\Steam 2009-03-04 16:08 --------- d-----w c:\programdata\Symantec 2009-03-04 16:03 --------- d-----w c:\program files\Java 2009-02-23 05:08 --------- d-----w c:\program files\Common Files\Steam 2009-02-23 05:06 --------- d-----w c:\program files\Google 2009-02-21 18:25 --------- d-----w c:\programdata\Media Center Programs 2009-02-20 17:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-20 15:29 --------- d-----w c:\users\Luomala\AppData\Roaming\Azureus 2009-02-18 22:53 201,816 ----a-w c:\windows\System32\PnkBstrB.exe 2009-02-18 22:53 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-02-18 13:35 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll 2009-02-17 11:37 --------- d-----w c:\users\Luomala\AppData\Roaming\Media Center Programs 2009-02-16 18:36 70,968 ----a-w c:\windows\System32\PnkBstrA.exe 2009-02-12 18:47 --------- d-----w 
c:\users\Luomala\AppData\Roaming\Mount&Blade 2009-02-11 22:32 --------- d-----w c:\program files\Windows Mail 2009-02-03 06:09 --------- d-----w c:\program files\AGEIA Technologies 2009-02-02 15:04 --------- d-----w c:\program files\ReflexiveArcade 2009-01-25 08:50 --------- d-----w c:\program files\Vuze 2009-01-18 15:44 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-01-14 19:01 --------- d-----w c:\programdata\NVIDIA 2009-01-08 15:45 --------- d-----w c:\program files\D-Day Coop 2008-12-23 19:58 453,152 ----a-w c:\windows\System32\nvuninst.exe 2008-09-11 14:54 180 ----a-w c:\users\Luomala\AppData\Roaming\wklnhst.dat 2008-07-07 20:54 174 --sha-w c:\program files\desktop.ini 2008-06-27 10:43 22,328 ----a-w c:\users\Luomala\AppData\Roaming\PnkBstrK.sys 2008-03-22 13:58 7,391,765 ----a-w c:\users\Public\MEDIEVAL.2.TW.V1.3.ENG.SKIDROW.NOCD.ZIP 2008-03-16 17:52 643,088,529 ----a-w c:\users\Public\miitw_update2_efigs_rc_final(2).exe 2007-11-09 13:25 57,344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll 2008-10-11 10:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-10-11 10:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-10-11 10:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2008-04-24 20:08 1,368 --sha-w c:\windows\System32\KGyGaAvL.sys 2008-11-03 17:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008110320081104\index.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2007-12-10 13:46 1510424 --a------ c:\program files\free-downloads.net\tbfree.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424] [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224] "fssui"="c:\program files\Windows 
Live\Perheturva\fssui.exe" [2007-12-17 243240] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13683232] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 92704] "AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] c:\users\Luomala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-02-28 624416] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-01-23 45648] R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2008-02-24 43816] R2 fsssvc;Windows Live OneCare – perheturva;c:\program files\Windows Live\Perheturva\fsssvc.exe [2007-12-17 523816] R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640] R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-02-26 493568] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-03-04 38496] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-11-23 98488] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d7b26b4-6b05-11dd-ae06-001a92294dc4}] \shell\AutoRun\command - J:\autorun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d7b26b9-6b05-11dd-ae06-001a92294dc4}] \shell\AutoRun\command - L:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d7b26bb-6b05-11dd-ae06-001a92294dc4}] \shell\AutoRun\command - M:\avp2.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7bbb51-cb64-11dc-8801-001a92294dc4}] \shell\AutoRun\command - j:\autorun\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7bbb8a-cb64-11dc-8801-001a92294dc4}] \shell\AutoRun\command - N:\Autorun.exe . 'Ajoitetut tehtävät'-kansion sisältö 2008-02-02 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - POISTETUT JÄMÄRIVIT - - - - Toolbar-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll HKLM-Run-AceGain LiveUpdate - c:\program files\AceGain\LiveUpdate\LiveUpdate.exe . ------- Täydentävä tarkistus ------- . 
uStart Page = hxxp://finnish.toggle.com/index.php?rvs=hompag mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=71&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm FF - ProfilePath - c:\users\Luomala\AppData\Roaming\Mozilla\Firefox\Profiles\k031zjrw.default\ FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\users\Luomala\AppData\Roaming\Mozilla\Firefox\Profiles\k031zjrw.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll FF - plugin: c:\users\Luomala\AppData\Roaming\Mozilla\plugins\npoctoshape.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-05 07:59:40 Windows 6.0.6001 Service Pack 1 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . Valmistumisajankohta: 2009-03-05 8:04:46 ComboFix-quarantined-files.txt 2009-03-05 06:04:24 Ennen ajoa: 344,899,584 tavua vapaana Ajon jälkeen: 51,986,739,200 tavua vapaana 406 --- E O F --- 2009-02-27 05:59:27

So that virus had apparently taken up that enormous amount of space for itself? I was wondering why there was no space, even though the difference between the size of the root of the C: drive and the size of the drive should have left some 50 GB, but there were only a few megabytes... The virus had already been in quarantine for some time, but apparently it was still able to eat up that space.
Now copy / paste the contents of the quote below into an empty Notepad
Start button > Accessories > Notepad
Save as
Location: Desktop
File name: CFScript.txt
Save as type: All files
Then drag CFScript onto ComboFix.exe as shown below.
Post the resulting log here.
Shut down and restart the computer
ComboFix 09-03-02.01 - Luomala 2009-03-05 15:37:52.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.358.1035.18.2943.1807 [GMT 2:00]
Sijainti: c:\users\Luomala\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Luomala\Desktop\CFScript.txt
AV: avast! antivirus 4.7.1098 [VPS 090228-0] *On-access scanning disabled* (Updated)
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Symantec
c:\programdata\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
c:\programdata\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7}.qbi
c:\programdata\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7}\{656EF7C9-B308-4450-8E1B-17B02CE19262}.qbd
c:\programdata\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7}\{656EF7C9-B308-4450-8E1B-17B02CE19262}.qbi
c:\programdata\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7}\{D69023B3-E8FF-4FA1-BC67-324AF03EC928}.qbd
c:\programdata\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7}\{D69023B3-E8FF-4FA1-BC67-324AF03EC928}.qbi
c:\programdata\Symantec\Shared\QBackup\{0DB5AC60-EC57-457A-9D13-11D9CC304123}.qbi
c:\programdata\Symantec\Shared\QBackup\{0DB5AC60-EC57-457A-9D13-11D9CC304123}\{39AE2125-932F-4AD5-A27F-022B3472709E}.qbd
c:\programdata\Symantec\Shared\QBackup\{0DB5AC60-EC57-457A-9D13-11D9CC304123}\{39AE2125-932F-4AD5-A27F-022B3472709E}.qbi
c:\programdata\Symantec\Shared\QBackup\{110DAC0A-EDFE-4B8F-B3B8-66BECC16CD9F}.qbi
c:\programdata\Symantec\Shared\QBackup\{110DAC0A-EDFE-4B8F-B3B8-66BECC16CD9F}\{294A4F86-79AD-4F14-89C0-02CA4EE13E5F}.qbd
c:\programdata\Symantec\Shared\QBackup\{110DAC0A-EDFE-4B8F-B3B8-66BECC16CD9F}\{294A4F86-79AD-4F14-89C0-02CA4EE13E5F}.qbi
c:\programdata\Symantec\Shared\QBackup\{4121CE2B-A414-48C5-9E33-CF02F4B1BEED}.qbi
c:\programdata\Symantec\Shared\QBackup\{4121CE2B-A414-48C5-9E33-CF02F4B1BEED}\{A58D0624-53B3-4B21-9917-06FCB5976D5A}.qbd
c:\programdata\Symantec\Shared\QBackup\{4121CE2B-A414-48C5-9E33-CF02F4B1BEED}\{A58D0624-53B3-4B21-9917-06FCB5976D5A}.qbi
c:\programdata\Symantec\Shared\QBackup\{50216A0D-A2B2-4225-A463-8BEB9A0F8AAE}.qbi
c:\programdata\Symantec\Shared\QBackup\{50216A0D-A2B2-4225-A463-8BEB9A0F8AAE}\{BE195270-8F05-4BFF-B472-A4306A510174}.qbd
c:\programdata\Symantec\Shared\QBackup\{50216A0D-A2B2-4225-A463-8BEB9A0F8AAE}\{BE195270-8F05-4BFF-B472-A4306A510174}.qbi
c:\programdata\Symantec\Shared\QBackup\{50216A0D-A2B2-4225-A463-8BEB9A0F8AAE}\{D70DB95A-3892-4A16-BC00-059F9B7E104A}.qbd
c:\programdata\Symantec\Shared\QBackup\{50216A0D-A2B2-4225-A463-8BEB9A0F8AAE}\{D70DB95A-3892-4A16-BC00-059F9B7E104A}.qbi
c:\programdata\Symantec\Shared\QBackup\{89054EF4-0AE9-4CB2-9475-967F65D504E7}.qbi
c:\programdata\Symantec\Shared\QBackup\{89054EF4-0AE9-4CB2-9475-967F65D504E7}\{7752140D-A762-4457-B9D5-F1E6055E70AB}.qbd
c:\programdata\Symantec\Shared\QBackup\{89054EF4-0AE9-4CB2-9475-967F65D504E7}\{7752140D-A762-4457-B9D5-F1E6055E70AB}.qbi
c:\programdata\Symantec\Shared\QBackup\{89054EF4-0AE9-4CB2-9475-967F65D504E7}\{868F8106-82CD-447B-9663-E770815632D3}.qbd
c:\programdata\Symantec\Shared\QBackup\{89054EF4-0AE9-4CB2-9475-967F65D504E7}\{868F8106-82CD-447B-9663-E770815632D3}.qbi
c:\programdata\Symantec\Shared\QBackup\{980CE222-EA03-472A-B8F2-3F6A24E0EDD0}.qbi
c:\programdata\Symantec\Shared\QBackup\{980CE222-EA03-472A-B8F2-3F6A24E0EDD0}\{578C70F5-1A1A-450F-86CB-2CB7DBF4F65F}.qbd
c:\programdata\Symantec\Shared\QBackup\{980CE222-EA03-472A-B8F2-3F6A24E0EDD0}\{578C70F5-1A1A-450F-86CB-2CB7DBF4F65F}.qbi
c:\programdata\Symantec\Shared\QBackup\{980CE222-EA03-472A-B8F2-3F6A24E0EDD0}\{817CE3EE-5821-4E01-8686-C19C258A799D}.qbd
c:\programdata\Symantec\Shared\QBackup\{980CE222-EA03-472A-B8F2-3F6A24E0EDD0}\{817CE3EE-5821-4E01-8686-C19C258A799D}.qbi
c:\programdata\Symantec\Shared\QBackup\{A6ED2A4B-F746-4B25-ACB0-93CEBF0BC442}.qbi
c:\programdata\Symantec\Shared\QBackup\{A6ED2A4B-F746-4B25-ACB0-93CEBF0BC442}\{8BCDD6D5-E8F7-482A-8528-04840883A5EF}.qbd
c:\programdata\Symantec\Shared\QBackup\{A6ED2A4B-F746-4B25-ACB0-93CEBF0BC442}\{8BCDD6D5-E8F7-482A-8528-04840883A5EF}.qbi
c:\programdata\Symantec\Shared\QBackup\{A6ED2A4B-F746-4B25-ACB0-93CEBF0BC442}\{C0E16BA4-98DD-4411-A1D8-D43CB8E1656D}.qbd
c:\programdata\Symantec\Shared\QBackup\{A6ED2A4B-F746-4B25-ACB0-93CEBF0BC442}\{C0E16BA4-98DD-4411-A1D8-D43CB8E1656D}.qbi
c:\programdata\Symantec\Shared\QBackup\{D2956D16-7B5F-43A4-AB05-B56710A374E9}.qbi
c:\programdata\Symantec\Shared\QBackup\{D2956D16-7B5F-43A4-AB05-B56710A374E9}\{1ADB89CF-E230-454B-8FDB-7D15D39ECB8D}.qbd
c:\programdata\Symantec\Shared\QBackup\{D2956D16-7B5F-43A4-AB05-B56710A374E9}\{1ADB89CF-E230-454B-8FDB-7D15D39ECB8D}.qbi
c:\programdata\Symantec\Shared\QBackup\{F141F5E5-3465-42C1-8740-0CC6C38D91EA}.qbi
c:\programdata\Symantec\Shared\QBackup\{F141F5E5-3465-42C1-8740-0CC6C38D91EA}\{2A58147B-CB9C-4B86-BEB4-C58BE22E08CB}.qbd
c:\programdata\Symantec\Shared\QBackup\{F141F5E5-3465-42C1-8740-0CC6C38D91EA}\{2A58147B-CB9C-4B86-BEB4-C58BE22E08CB}.qbi
c:\programdata\Symantec\Shared\QBackup\{F141F5E5-3465-42C1-8740-0CC6C38D91EA}\{C38ACBF1-51E3-4AFC-8E90-C28FD7575E02}.qbd
c:\programdata\Symantec\Shared\QBackup\{F141F5E5-3465-42C1-8740-0CC6C38D91EA}\{C38ACBF1-51E3-4AFC-8E90-C28FD7575E02}.qbi
c:\programdata\Symantec\Shared\QBackup\{FCF6B885-4248-4736-AC4B-71E813F9DD44}.qbi
c:\programdata\Symantec\Shared\QBackup\{FCF6B885-4248-4736-AC4B-71E813F9DD44}\{AD7C1781-0EF4-4ECB-A80C-475FA2B791CB}.qbd
c:\programdata\Symantec\Shared\QBackup\{FCF6B885-4248-4736-AC4B-71E813F9DD44}\{AD7C1781-0EF4-4ECB-A80C-475FA2B791CB}.qbi
c:\programdata\Symantec\Shared\QBackup\index.qbs
c:\programdata\Symantec\wcid0.log

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-02-05 to 2009-03-05 )))))))))))))))))
.

2009-03-04 18:24 . 2009-03-04 18:24 <KANSIO> d-------- c:\users\Luomala\AppData\Roaming\Malwarebytes
2009-03-04 18:24 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-04 18:23 . 2009-03-04 18:23 <KANSIO> d-------- c:\users\All Users\Malwarebytes
2009-03-04 18:23 . 2009-03-04 18:23 <KANSIO> d-------- c:\programdata\Malwarebytes
2009-03-04 18:23 . 2009-03-04 18:24 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 18:23 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-02 22:41 . 2009-03-02 22:41 <KANSIO> d-------- C:\!KillBox
2009-02-28 22:46 . 2009-02-28 22:47 <KANSIO> d-------- c:\program files\Hamachi
2009-02-28 22:46 . 2009-02-28 22:46 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\windows\Easy CD-DA Extractor 12.0
2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\users\All Users\TEMP
2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\users\All Users\Easy CD-DA Extractor
2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\programdata\TEMP
2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\programdata\Easy CD-DA Extractor
2009-02-25 01:41 . 2009-02-25 01:41 <KANSIO> d-------- c:\program files\Easy CD-DA Extractor 12
2009-02-25 01:35 . 2009-02-28 22:45 <KANSIO> d-------- C:\Temp
2009-02-25 01:33 . 2009-02-25 01:33 <KANSIO> d-------- c:\program files\ImTOO
2009-02-25 01:29 . 2009-02-25 01:29 <KANSIO> d-------- c:\users\Luomala\AppData\Roaming\Winamp
2009-02-25 01:29 . 2009-02-25 01:29 <KANSIO> d-------- c:\program files\Winamp
2009-02-20 21:22 . 2009-02-16 15:15 108,126,682 --a------ c:\users\Public\Combat_Revolution_Setup_v3.00_FULL.exe
2009-02-20 20:47 . 2009-02-20 20:47 <KANSIO> d-------- c:\users\Luomala\AppData\Roaming\My Games
2009-02-17 17:26 . 2009-02-19 00:13 <KANSIO> d-------- C:\jännempi juttu
2009-02-15 10:29 . 2009-02-15 10:29 <KANSIO> d-------- c:\users\Luomala\temp
2009-02-15 10:29 . 2009-02-15 10:29 <KANSIO> d-------- c:\users\Luomala\AppData\Roaming\TeamViewer
2009-02-15 10:29 . 2009-02-15 10:29 <KANSIO> d-------- c:\program files\TeamViewer
2009-02-12 19:30 . 2009-02-12 19:30 <KANSIO> d-------- c:\program files\Tilester
2009-02-12 19:30 . 2009-02-12 19:30 <KANSIO> d-------- c:\program files\CoolBasic
2009-02-12 08:08 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-12 08:08 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-12 08:08 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-12 08:08 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 08:08 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-12 08:08 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-12 08:08 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-12 08:08 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-12 08:00 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-12 08:00 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-12 08:00 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-12 07:59 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-12 07:59 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-12 07:31 . 2008-12-05 06:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-12 07:31 . 2008-12-05 06:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-12 07:30 . 2008-12-05 06:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-12 07:30 . 2008-12-05 06:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-12 07:30 . 2008-12-05 06:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 13:40 . 2009-01-15 08:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-11 13:39 . 2009-01-15 05:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 05:54 --------- d-----w c:\users\Luomala\AppData\Roaming\Hamachi
2009-03-05 05:19 --------- d-----w c:\program files\Steam
2009-03-04 16:03 --------- d-----w c:\program files\Java
2009-02-23 05:08 --------- d-----w c:\program files\Common Files\Steam
2009-02-23 05:06 --------- d-----w c:\program files\Google
2009-02-21 18:25 --------- d-----w c:\programdata\Media Center Programs
2009-02-20 17:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 15:29 --------- d-----w c:\users\Luomala\AppData\Roaming\Azureus
2009-02-18 22:53 201,816 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-18 22:53 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-18 13:35 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll
2009-02-17 11:37 --------- d-----w c:\users\Luomala\AppData\Roaming\Media Center Programs
2009-02-16 18:36 70,968 ----a-w c:\windows\System32\PnkBstrA.exe
2009-02-12 18:47 --------- d-----w c:\users\Luomala\AppData\Roaming\Mount&Blade
2009-02-11 22:32 --------- d-----w c:\program files\Windows Mail
2009-02-03 06:09 --------- d-----w c:\program files\AGEIA Technologies
2009-02-02 15:04 --------- d-----w c:\program files\ReflexiveArcade
2009-01-25 08:50 --------- d-----w c:\program files\Vuze
2009-01-18 15:44 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-14 19:01 --------- d-----w c:\programdata\NVIDIA
2009-01-08 15:45 --------- d-----w c:\program files\D-Day Coop
2008-12-23 19:58 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-09-11 14:54 180 ----a-w c:\users\Luomala\AppData\Roaming\wklnhst.dat
2008-07-07 20:54 174 --sha-w c:\program files\desktop.ini
2008-06-27 10:43 22,328 ----a-w c:\users\Luomala\AppData\Roaming\PnkBstrK.sys
2008-03-22 13:58 7,391,765 ----a-w c:\users\Public\MEDIEVAL.2.TW.V1.3.ENG.SKIDROW.NOCD.ZIP
2008-03-16 17:52 643,088,529 ----a-w c:\users\Public\miitw_update2_efigs_rc_final(2).exe
2007-11-09 13:25 57,344 ----a-w c:\program files\mozilla firefox\components\MGSHelper.dll
2008-10-11 10:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-11 10:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-11 10:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-24 20:08 1,368 --sha-w c:\windows\System32\KGyGaAvL.sys
2008-11-03 17:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008110320081104\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_ 8.03.38.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-05 05:59:35 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-05 13:39:28 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 13:46 1510424 --a------ c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"fssui"="c:\program files\Windows 
Live\Perheturva\fssui.exe" [2007-12-17 243240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 92704]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\users\Luomala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-02-28 624416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
vegas\binaries\r6vegasserver.exe:R6VegasServer "UDP Query User{EE6C2B46-2D79-4D44-941B-02554F6C3E6D}o:\\rainbow six vegas\\binaries\\r6vegasserver.exe"= TCP:\rainbow six vegas\binaries\r6vegasserver.exe:R6VegasServer "TCP Query User{AFD3A14F-D68C-45B7-BA20-91C4A5CE8F3E}o:\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game "UDP Query User{663C4DBA-19A0-4243-AC3E-4781D3511CAA}o:\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game "TCP Query User{D14BB83D-4D62-4C92-AC23-E8913F18DBBF}C:0\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:0\rainbow six vegas\binaries\r6vegas_game.exe:r6vegas_game.exe "UDP Query User{F232FE26-D318-455F-A183-4FA1EE24A238}C:0\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:0\rainbow six vegas\binaries\r6vegas_game.exe:r6vegas_game.exe "TCP Query User{7FCB5A9B-32CB-45A6-9938-B95CAC93CFF6}c:\\pelit\\cossack 2\\gsc game world\\cossacks ii\\data\\engine.exe"= UDP:c:\pelit\cossack 2\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars "UDP Query User{EDABA1B2-0BBF-47DC-A864-D5449CD73647}c:\\pelit\\cossack 2\\gsc game world\\cossacks ii\\data\\engine.exe"= TCP:c:\pelit\cossack 2\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars "TCP Query User{DDB2D78F-637B-4B78-859C-915BABC75DD0}c:\\pelit\\tactical ops assault on terror\\system\\tacticalops.exe"= UDP:c:\pelit\tactical ops assault on terror\system\tacticalops.exe:TacticalOps "UDP Query User{7AAF5251-84CC-4498-8966-A572CCC510BA}c:\\pelit\\tactical ops assault on terror\\system\\tacticalops.exe"= TCP:c:\pelit\tactical ops assault on terror\system\tacticalops.exe:TacticalOps "{6C3EB919-2549-4E99-9981-574EB0C215E2}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager "{4D943165-D235-4945-80C4-8A038B023B3E}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager "{87084EA9-D42A-41AA-9972-62C9F025A3FE}"= UDP:c:\pelit\Combat 
Arms EU\NMService.exe:Nexon Messenger Core "{AA2D3645-D726-499B-8789-94915BAF0EF1}"= TCP:c:\pelit\Combat Arms EU\NMService.exe:Nexon Messenger Core "TCP Query User{BDBC4997-7F70-413F-AC33-D71C64FDBED7}c:\\pelit\\left4dead\\hl2.exe"= UDP:c:\pelit\left4dead\hl2.exe:hl2 "UDP Query User{22DDA069-9B57-425B-B401-C0C40CEE65C1}c:\\pelit\\left4dead\\hl2.exe"= TCP:c:\pelit\left4dead\hl2.exe:hl2 "TCP Query User{E123FE6D-8D80-402A-9C79-88CD34E66F54}c:\\pelit\\left4dead\\left4dead.exe"= UDP:c:\pelit\left4dead\left4dead.exe:left4dead "UDP Query User{B0CC0B47-4E7E-49AF-8E09-16D0B465D9E4}c:\\pelit\\left4dead\\left4dead.exe"= TCP:c:\pelit\left4dead\left4dead.exe:left4dead "TCP Query User{B3AA3DE5-ABCD-400C-BE44-4C0661B16A37}c:\\users\\luomala\\downloads\\sc2-battlereport-1_esrb-downloader.exe"= UDP:c:\users\luomala\downloads\sc2-battlereport-1_esrb-downloader.exe:sc2-battlereport-1_esrb-downloader.exe "UDP Query User{08E05937-91BB-4980-B6E2-69827376EE66}c:\\users\\luomala\\downloads\\sc2-battlereport-1_esrb-downloader.exe"= TCP:c:\users\luomala\downloads\sc2-battlereport-1_esrb-downloader.exe:sc2-battlereport-1_esrb-downloader.exe "TCP Query User{A11E41D2-0DB8-4FF5-A00F-78A3253ACDD0}c:\\pelit\\america's army\\aadeployclient.exe"= UDP:c:\pelit\america's army\aadeployclient.exe:AADeployClient "UDP Query User{7D6A46AB-B94E-4E83-8C0F-9A93D1D70186}c:\\pelit\\america's army\\aadeployclient.exe"= TCP:c:\pelit\america's army\aadeployclient.exe:AADeployClient "TCP Query User{DCADCF8D-C0E8-4377-AE31-A96CEEBB15F5}c:\\pelit\\america's army\\system\\armyops.exe"= UDP:c:\pelit\america's army\system\armyops.exe:ArmyOps "UDP Query User{F7587652-F276-4971-A3BB-9F1A8B5DD3F4}c:\\pelit\\america's army\\system\\armyops.exe"= TCP:c:\pelit\america's army\system\armyops.exe:ArmyOps "TCP Query User{33F400CE-60E3-4BD0-B176-29E2940F5200}c:\\pelit\\company of heroes\\reliccoh.exe"= UDP:c:\pelit\company of heroes\reliccoh.exe:RelicCOH "UDP Query User{5B354D3A-9F51-49B8-8788-48908A913DCC}c:\\pelit\\company of 
heroes\\reliccoh.exe"= TCP:c:\pelit\company of heroes\reliccoh.exe:RelicCOH "TCP Query User{FA38CE2B-5230-4054-98D2-529741DBFC4B}c:\\pelit\\company of heroes\\bugreport\\bugreport.exe"= UDP:c:\pelit\company of heroes\bugreport\bugreport.exe:BugReport "UDP Query User{04B479CC-A944-4521-B9EA-9327BFEAA77E}c:\\pelit\\company of heroes\\bugreport\\bugreport.exe"= TCP:c:\pelit\company of heroes\bugreport\bugreport.exe:BugReport "TCP Query User{84EBB90C-E6FF-4985-B886-CDCD87EE387A}c:\\pelit\\warhammer mark of chaos\\warhammer.exe"= UDP:c:\pelit\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™ "UDP Query User{B3E5FC51-BF7D-4744-B937-236A84D98825}c:\\pelit\\warhammer mark of chaos\\warhammer.exe"= TCP:c:\pelit\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™ "TCP Query User{F5E09855-BCF5-463E-BA8B-8AE0C0128FF9}c:\\users\\luomala\\appdata\\local\\temp\\patcher\\updater.exe"= UDP:c:\users\luomala\appdata\local\temp\patcher\updater.exe:updater.exe "UDP Query User{91EF6B47-30B9-4988-802F-17B8A5F6E53E}c:\\users\\luomala\\appdata\\local\\temp\\patcher\\updater.exe"= TCP:c:\users\luomala\appdata\local\temp\patcher\updater.exe:updater.exe "{303FD8ED-85B1-4368-917A-9EE53D233A15}"= UDP:c:\pelit\Battlefield 2\BF2.exe:Battlefield 2 "{CD62EAD8-F65E-4FEC-9BC4-5E7754097850}"= TCP:c:\pelit\Battlefield 2\BF2.exe:Battlefield 2 "TCP Query User{64ADC18F-BA95-457A-892D-E6AA68F63191}c:\\pelit\\ghost recon advanced warfighter demo\\graw_demo.exe"= UDP:c:\pelit\ghost recon advanced warfighter demo\graw_demo.exe:GRAW_demo "UDP Query User{DE1E15A6-3574-48AB-97DF-DED99081B6CE}c:\\pelit\\ghost recon advanced warfighter demo\\graw_demo.exe"= TCP:c:\pelit\ghost recon advanced warfighter demo\graw_demo.exe:GRAW_demo "TCP Query User{98C575AD-C23B-491A-A7B5-2858B4DF32CB}c:\\pelit\\multiwinia\\multiwinia.exe"= UDP:c:\pelit\multiwinia\multiwinia.exe:multiwinia "UDP Query User{01C52F0F-7BC4-4B2E-AD4A-260188C1BFAC}c:\\pelit\\multiwinia\\multiwinia.exe"= 
TCP:c:\pelit\multiwinia\multiwinia.exe:multiwinia "{BD09505D-4EFA-4C3E-B943-614E257ACBD0}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi "{38D7B41E-86BB-4916-9673-835B609B68AC}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi "TCP Query User{CE328C07-E1F0-4090-9CB5-84E1CEFB8ACE}p:\\allun jutut\\soulstorm\\soulstorm.exe"= UDP:\allun jutut\soulstorm\soulstorm.exe:Soulstorm "UDP Query User{C62F60B4-9A20-4729-A76E-F94DBCB3DA8A}p:\\allun jutut\\soulstorm\\soulstorm.exe"= TCP:\allun jutut\soulstorm\soulstorm.exe:Soulstorm "{13CB190F-9068-40E5-A491-5C873F974FF3}"= UDP:c:\pelit\Battlefield 2142 Demo\BF2142.exe:Battlefield 2 "{BD6C3612-99D4-4D5A-9BAB-D88AAFE2D41E}"= TCP:c:\pelit\Battlefield 2142 Demo\BF2142.exe:Battlefield 2 "{CB6DEA49-BDA1-4331-AD91-C00BF3D9CC56}"= UDP:c:\pelit\Civilization 4\Civilization4.exe:Sid Meier's Civilization 4 "{F5DCE785-E6AE-4D45-AB4C-D0AE7A67EDDC}"= TCP:c:\pelit\Civilization 4\Civilization4.exe:Sid Meier's Civilization 4 "{6E21159D-B87B-42EF-8E45-311943E275FE}"= UDP:c:\pelit\Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword "{4E89709B-DAB9-4B08-89A3-6D6F5ED59637}"= TCP:c:\pelit\Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword "{76247282-631D-44A7-B89A-44BE4A092176}"= UDP:c:\pelit\Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss "{7B99F820-A2AC-433F-B264-DEB88F9B848E}"= TCP:c:\pelit\Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss "{4BFB93D3-034A-4CAC-8EF6-611041C61BD6}"= UDP:c:\pelit\Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords "{84FBE261-29A1-4278-A212-8A62669F8A64}"= TCP:c:\pelit\Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords "{E6C4E6D6-B559-44FB-A159-5627D0E9762B}"= UDP:c:\pelit\Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 
Pitboss "{EF74EFB8-9A1E-40FC-AF74-15522FF441AD}"= TCP:c:\pelit\Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss "TCP Query User{A9E0E6E3-82B2-44FC-8DC0-2BC47FDF8057}c:\\pelit\\company of heroes\\reliccoh.exe"= UDP:c:\pelit\company of heroes\reliccoh.exe:RelicCOH "UDP Query User{1ED47BFF-CDCD-4AF4-BBC6-ADFF6DA1DB84}c:\\pelit\\company of heroes\\reliccoh.exe"= TCP:c:\pelit\company of heroes\reliccoh.exe:RelicCOH "TCP Query User{1C50AFA7-9919-4543-ACFF-138F58D07462}p:\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game "UDP Query User{D6C73AF6-7C4C-4BF1-8C4F-183401D4EFC4}p:\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game "{7EAE5833-0EE4-48DD-B9D0-36F5F7CF7FAA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{ABB90B6E-05B1-4135-832B-0CE990E2BDA9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-01-23 45648] R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2008-02-24 43816] R2 fsssvc;Windows Live OneCare – perheturva;c:\program files\Windows Live\Perheturva\fsssvc.exe [2007-12-17 523816] R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640] R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-02-26 493568] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-03-04 38496] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009\RpcAgentSrv.exe [2008-11-23 98488] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d7b26b4-6b05-11dd-ae06-001a92294dc4}] \shell\AutoRun\command - J:\autorun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d7b26b9-6b05-11dd-ae06-001a92294dc4}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d7b26bb-6b05-11dd-ae06-001a92294dc4}]
\shell\AutoRun\command - M:\avp2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7bbb51-cb64-11dc-8801-001a92294dc4}]
\shell\AutoRun\command - j:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7bbb8a-cb64-11dc-8801-001a92294dc4}]
\shell\AutoRun\command - N:\Autorun.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2008-02-02 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://finnish.toggle.com/index.php?rvs=hompag
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\users\Luomala\AppData\Roaming\Mozilla\Firefox\Profiles\k031zjrw.default\
FF - component: c:\program files\Mozilla Firefox\components\MGSHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Luomala\AppData\Roaming\Mozilla\Firefox\Profiles\k031zjrw.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\users\Luomala\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 15:39:35
Windows 6.0.6001 Service Pack 1 NTFS

tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2009-03-05 15:41:03
ComboFix-quarantined-files.txt 2009-03-05 13:40:57
ComboFix2.txt 2009-03-05 06:04:48

Ennen ajoa: 50,266,845,184 tavua vapaana
Ajon jälkeen: 50,232,250,368 tavua vapaana

451 --- E O F --- 2009-02-27 05:59:27
Remove free-downloads.net Toolbar through Add/Remove Programs.
Delete the folder C:\Program Files\free-downloads.net
===========
Type ComboFix /u into the Run box.
Click OK.
===========
Scan a new HJT log.
=============
Download OTMoveIt and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If you are asked whether the computer may be restarted, choose Yes.
OTMoveIt deletes itself when it is done; if it does not, delete it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the Internet, let it through.
Avast ran a scan and it came up clean, and the space has come back. So many thanks to Hujo.