Media Center virus that antivirus programs cannot find

Thread in the Viruses and malware - HijackThis logs section. Thread started by sansuli on 25.01.2012.

  1. sansuli

    sansuli Member

    Joined:
    25.01.2012
    Posts:
    1
    Thanks:
    0
    Points:
    11
    Hi, I thought I'd ask for a bit of help, since the computer was hit by a virus that opens Media Center. No .exe file, or anything else that would give access to removing the virus, can be opened from that user account. I created a second user account and switched the administrator rights to this account, which works perfectly fine. I started the computer in safe mode, but the virus was still there on that other user account, so it has apparently got quite deep into the core of the computer. Here are the reports from both the user account taken over by the virus and this working account; the only difference was that the working one had these:

    C:\Program Files (x86)\Malwarebytes’ Anti-Malware\Chameleon\mbam-chameleon.pif
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbam.exe

    and it did not have these, which appeared in the report from the non-working one:

    C:\windows\system32\vssvc.exe
    C:\windows\System32\svchost.exe -k swprv

    I'm not particularly good at these antivirus matters, so I haven't really dared to start deleting files other than at my brother's urging. A malware program has been used on the computer, and it does not find the virus. Thanks for all the help!

    Code:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by sanna1 at 1:45:37 on 2012-01-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4077.2119 [GMT 2:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Users\Sanna\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Users\Sanna\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\eHome\ehshell.exe
    C:\Users\Sanna\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\vssvc.exe
    C:\windows\System32\svchost.exe -k swprv
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://samsung.msn.com
    uDefault_Page_URL = hxxp://samsung.msn.com
    mStart Page = hxxp://samsung.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Samsung BHO Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 193.229.0.40 193.229.0.42
    TCP: Interfaces\{9613FDC4-DE7C-4241-A548-EEFA06ACDD1D} : DhcpNameServer = 193.229.0.40 193.229.0.42
    TCP: Interfaces\{9613FDC4-DE7C-4241-A548-EEFA06ACDD1D}\C696E6B6379737 : DhcpNameServer = 74.84.103.202
    TCP: Interfaces\{9613FDC4-DE7C-4241-A548-EEFA06ACDD1D}\E4564776561627 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AA609D72-8482-4076-8991-8CDAE5B93BCB}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\sanna1\AppData\Roaming\Mozilla\Firefox\Profiles\aedy1aq8.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-25 652872]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-28 2656280]
    R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-21 17152]
    R3 mbamchameleon;mbamchameleon;\??\C:\windows\system32\drivers\mbamchameleon.sys --> C:\windows\system32\drivers\mbamchameleon.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Päivitä-palvelu (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-1 136176]
    S3 gupdatem;Google Päivitä-palvelu (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-1 136176]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2074-05-18 15:44:52 607296 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
    2012-01-24 23:37:39 29808 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
    2012-01-24 22:24:23 -------- d-----w- C:\Users\sanna1\AppData\Roaming\Malwarebytes
    2012-01-24 22:24:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-24 22:24:16 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-01-24 22:24:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-24 22:22:30 -------- d-----w- C:\Users\sanna1\AppData\Local\Mozilla
    2012-01-24 22:22:16 -------- d-----w- C:\Users\sanna1\AppData\Local\Power2Go
    2012-01-24 11:14:49 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B69DC69B-47C0-4FCF-9585-0555EF5AC61B}\offreg.dll
    2012-01-24 07:55:58 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B69DC69B-47C0-4FCF-9585-0555EF5AC61B}\mpengine.dll
    2012-01-15 19:18:41 -------- d-----w- C:\ProgramData\Premium
    2012-01-15 19:18:39 -------- d-----w- C:\ProgramData\InstallMate
    2012-01-11 09:14:35 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
    2012-01-11 09:14:35 366592 ----a-w- C:\windows\System32\qdvd.dll
    2012-01-11 09:14:35 1572864 ----a-w- C:\windows\System32\quartz.dll
    2012-01-11 09:14:35 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
    2012-01-11 09:14:34 1731920 ----a-w- C:\windows\System32\ntdll.dll
    2012-01-11 09:14:34 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
    2012-01-11 09:14:32 77312 ----a-w- C:\windows\System32\packager.dll
    2012-01-11 09:14:32 67072 ----a-w- C:\windows\SysWow64\packager.dll
    2011-12-27 16:58:49 34304 ------r- C:\Program Files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    .
    ==================== Find3M ====================
    .
    2012-01-11 19:55:40 952 --sha-w- C:\windows\SysWow64\KGyGaAvL.sys
    2012-01-07 19:24:23 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-23 20:46:04 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
    2011-12-21 09:06:49 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
    2011-12-21 09:06:48 16432 ----a-w- C:\windows\System32\lsdelete.exe
    2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
    2011-11-17 06:49:14 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2011-11-17 06:49:14 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2011-11-17 06:44:43 459232 ----a-w- C:\windows\System32\drivers\cng.sys
    2011-11-17 06:35:28 395776 ----a-w- C:\windows\System32\webio.dll
    2011-11-17 06:35:26 29184 ----a-w- C:\windows\System32\sspisrv.dll
    2011-11-17 06:35:26 136192 ----a-w- C:\windows\System32\sspicli.dll
    2011-11-17 06:35:25 340992 ----a-w- C:\windows\System32\schannel.dll
    2011-11-17 06:35:25 28160 ----a-w- C:\windows\System32\secur32.dll
    2011-11-17 06:35:19 1447936 ----a-w- C:\windows\System32\lsasrv.dll
    2011-11-17 06:33:55 31232 ----a-w- C:\windows\System32\lsass.exe
    2011-11-17 05:35:02 314880 ----a-w- C:\windows\SysWow64\webio.dll
    2011-11-17 05:34:52 224768 ----a-w- C:\windows\SysWow64\schannel.dll
    2011-11-17 05:34:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2011-11-17 05:28:48 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2011-11-15 12:29:56 270720 ------w- C:\windows\System32\MpSigStub.exe
    2011-11-05 05:32:50 2048 ----a-w- C:\windows\System32\tzres.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2011-11-01 23:22:00 29480 ----a-w- C:\windows\SysWow64\msxml3a.dll
    2011-11-01 23:21:59 505128 ----a-w- C:\windows\SysWow64\msvcp71.dll
    2011-11-01 23:21:59 353576 ----a-w- C:\windows\SysWow64\msvcr71.dll
    .
    Code:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 
    Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_29
    Run by sanna1 at 1:42:34 on 2012-01-25
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1035.18.4077.2049 [GMT 2:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Users\Sanna\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Users\Sanna\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\eHome\ehshell.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.pif
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Sanna\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://samsung.msn.com
    uDefault_Page_URL = hxxp://samsung.msn.com
    mStart Page = hxxp://samsung.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Samsung BHO Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Lähetä kuva &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Lähetä sivu &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 193.229.0.40 193.229.0.42
    TCP: Interfaces\{9613FDC4-DE7C-4241-A548-EEFA06ACDD1D} : DhcpNameServer = 193.229.0.40 193.229.0.42
    TCP: Interfaces\{9613FDC4-DE7C-4241-A548-EEFA06ACDD1D}\C696E6B6379737 : DhcpNameServer = 74.84.103.202
    TCP: Interfaces\{9613FDC4-DE7C-4241-A548-EEFA06ACDD1D}\E4564776561627 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AA609D72-8482-4076-8991-8CDAE5B93BCB}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\sanna1\AppData\Roaming\Mozilla\Firefox\Profiles\aedy1aq8.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-25 652872]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-28 2656280]
    R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-21 17152]
    R3 mbamchameleon;mbamchameleon;\??\C:\windows\system32\drivers\mbamchameleon.sys --> C:\windows\system32\drivers\mbamchameleon.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Päivitä-palvelu (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-1 136176]
    S3 gupdatem;Google Päivitä-palvelu (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-1 136176]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2074-05-18 15:44:52	607296	------w-	C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
    2012-01-24 23:37:39	29808	----a-w-	C:\windows\System32\drivers\mbamchameleon.sys
    2012-01-24 22:24:23	--------	d-----w-	C:\Users\sanna1\AppData\Roaming\Malwarebytes
    2012-01-24 22:24:17	--------	d-----w-	C:\ProgramData\Malwarebytes
    2012-01-24 22:24:16	23152	----a-w-	C:\windows\System32\drivers\mbam.sys
    2012-01-24 22:24:16	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-24 22:22:30	--------	d-----w-	C:\Users\sanna1\AppData\Local\Mozilla
    2012-01-24 22:22:16	--------	d-----w-	C:\Users\sanna1\AppData\Local\Power2Go
    2012-01-24 11:14:49	69000	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B69DC69B-47C0-4FCF-9585-0555EF5AC61B}\offreg.dll
    2012-01-24 07:55:58	8602168	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B69DC69B-47C0-4FCF-9585-0555EF5AC61B}\mpengine.dll
    2012-01-15 19:18:41	--------	d-----w-	C:\ProgramData\Premium
    2012-01-15 19:18:39	--------	d-----w-	C:\ProgramData\InstallMate
    2012-01-11 09:14:35	514560	----a-w-	C:\windows\SysWow64\qdvd.dll
    2012-01-11 09:14:35	366592	----a-w-	C:\windows\System32\qdvd.dll
    2012-01-11 09:14:35	1572864	----a-w-	C:\windows\System32\quartz.dll
    2012-01-11 09:14:35	1328128	----a-w-	C:\windows\SysWow64\quartz.dll
    2012-01-11 09:14:34	1731920	----a-w-	C:\windows\System32\ntdll.dll
    2012-01-11 09:14:34	1292080	----a-w-	C:\windows\SysWow64\ntdll.dll
    2012-01-11 09:14:32	77312	----a-w-	C:\windows\System32\packager.dll
    2012-01-11 09:14:32	67072	----a-w-	C:\windows\SysWow64\packager.dll
    2011-12-27 16:58:49	34304	------r-	C:\Program Files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    .
    ==================== Find3M  ====================
    .
    2012-01-11 19:55:40	952	--sha-w-	C:\windows\SysWow64\KGyGaAvL.sys
    2012-01-07 19:24:23	414368	----a-w-	C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-23 20:46:04	178800	----a-w-	C:\windows\SysWow64\CmdLineExt_x64.dll
    2011-12-21 09:06:49	55384	----a-w-	C:\windows\System32\drivers\SBREDrv.sys
    2011-12-21 09:06:48	16432	----a-w-	C:\windows\System32\lsdelete.exe
    2011-11-24 04:52:09	3145216	----a-w-	C:\windows\System32\win32k.sys
    2011-11-17 06:49:14	95600	----a-w-	C:\windows\System32\drivers\ksecdd.sys
    2011-11-17 06:49:14	152432	----a-w-	C:\windows\System32\drivers\ksecpkg.sys
    2011-11-17 06:44:43	459232	----a-w-	C:\windows\System32\drivers\cng.sys
    2011-11-17 06:35:28	395776	----a-w-	C:\windows\System32\webio.dll
    2011-11-17 06:35:26	29184	----a-w-	C:\windows\System32\sspisrv.dll
    2011-11-17 06:35:26	136192	----a-w-	C:\windows\System32\sspicli.dll
    2011-11-17 06:35:25	340992	----a-w-	C:\windows\System32\schannel.dll
    2011-11-17 06:35:25	28160	----a-w-	C:\windows\System32\secur32.dll
    2011-11-17 06:35:19	1447936	----a-w-	C:\windows\System32\lsasrv.dll
    2011-11-17 06:33:55	31232	----a-w-	C:\windows\System32\lsass.exe
    2011-11-17 05:35:02	314880	----a-w-	C:\windows\SysWow64\webio.dll
    2011-11-17 05:34:52	224768	----a-w-	C:\windows\SysWow64\schannel.dll
    2011-11-17 05:34:52	22016	----a-w-	C:\windows\SysWow64\secur32.dll
    2011-11-17 05:28:48	96768	----a-w-	C:\windows\SysWow64\sspicli.dll
    2011-11-15 12:29:56	270720	------w-	C:\windows\System32\MpSigStub.exe
    2011-11-05 05:32:50	2048	----a-w-	C:\windows\System32\tzres.dll
    2011-11-05 04:26:03	2048	----a-w-	C:\windows\SysWow64\tzres.dll
    2011-11-01 23:22:00	29480	----a-w-	C:\windows\SysWow64\msxml3a.dll
    2011-11-01 23:21:59	505128	----a-w-	C:\windows\SysWow64\msvcp71.dll
    2011-11-01 23:21:59	353576	----a-w-	C:\windows\SysWow64\msvcr71.dll
    .
    ============= FINISH:  1:43:04,90 ===============
    
     
    Last edited: 25.01.2012
  3. Pikkis123

    Pikkis123 Regular member

    Joined:
    06.11.2011
    Messages:
    148
    Thanks:
    0
    Points:
    26
    Hi. If you suspect that your computer has a virus, scan your computer with these:

    Hitman Pro 3.6 ( http://www.surfright.nl/en/downloads ) (You need to know whether your computer is 32-bit or 64-bit!)
    Malwarebytes Antimalware (http://www.download.fi/tietoturva/haittaohjelmien_poisto/malwarebytes_anti-malware.cfm )
    Superantispyware free edition ( http://www.superantispyware.com/download.html )

    (Note!! Do not run the scans at the same time!!)
     
