turbojomar (posted 23 May 2007):
I was stupid enough to download 3wplayer to watch the latest Sopranos episode. The video file looks like any ordinary DivX, but when it is played in a regular media player it asks you to go to a website to download another player. My Sopranos eagerness got the better of me, and now I have a crap process called "Hide close part.exe" that uses a lot of CPU (50%, one of two cores on my machine). I'm going to try http://www.superantispyware.com/, which I read about in another post. Has anyone else run into this?
norbat (posted 23 May 2007):
After a round with SUPERAntiSpyware you can download NoLop.exe and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button. Then download HijackThis and put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
turbojomar (thread author, posted 24 May 2007):
Thanks norbat, I'll remember those two. In this case SUPERAntiSpyware did a super job and I'm rid of the problem.
norbat (posted 24 May 2007):
I still encourage you to make a HijackThis log. It can tell whether a few more steps are needed for the PC to be spyware-free.
Wooho (posted 20 June 2007):
Heh heh, I typed 3wplayer into the Google search engine and the first thing that came up was this post. So I'll stay away from the player. I was told that TMNT could not be played in any player other than 3wplayer.
mhsalangli (posted 16 September 2007):
But how are you supposed to get hold of something that can play these movies? This is extremely frustrating.
norbat (posted 16 September 2007):
Maybe VLC is an alternative?
Barry White (posted 17 September 2007):
Movies that come with 3wplayer are what many people call a fake.
Morten58 (posted 4 October 2007):
Avoid obvious solutions? More fakes?
I checked solutions for another forum on this matter (ItPro). 3WPLAYER, PLAY3W or DIVOCODEC contain malware. There is a flood of warnings on various forums on the net.
Trojan: According to Wikipedia, 3wplayer is infected with Trojan.Win32.obfuscated.en - check Wikipedia at this link: http://en.wikipedia.org/wiki/3wplayer
Fake solution? A "solution" is offered high up in Google's search results - NO.PCTHREAT.COM. I use McAfee Site Advisor, and noticed that none of the websites belonging to PCthreat had ever been tested there.
From the same company? A closer check of PCthreat.com showed an affiliation / licence to a company in the USA. A check of 3WPLAY.COM showed an affiliation / licence to the same company. I have deliberately withheld the company's name in this post to avoid breaching the rules of the lookup tool I used. It seems as if the same company both makes malware and is active in marketing solutions?
Known copies of the website: pcthreat.com - no.pcthreat.com - de.pcthreat.com - fr.pcthreat.com
Does anyone know of other copies?
Known copies of 3WPlayer: PLAYON.PLAY3W - PLAY3W - 3WPLAYER - PLAY.DIVOCODEC
Does anyone know of other copies?
Link to McAfee Site Analyzer regarding PCTHREAT (possibly only my post is there so far, but ...): http://www.siteadvisor.com/sites/pcthreat....t_type=IEPlugin
Opedal (posted 20 October 2007):
Was this what I was supposed to post... didn't quite understand that part... anyway, I still have problems :(

Logfile of HijackThis v1.99.1
Scan saved at 21:48:15, on 20.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Spyware Doctor\svcntaux.exe
C:\Programfiler\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Spyware Doctor\SDTrayApp.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\stealthp.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Morten\Skrivebord\NoLop.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [stealthPlug Control Panel] "C:\WINDOWS\system32\stealthp.exe" -min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Programdata\great coal love default\Creative free.exe
O4 - HKLM\..\Run: [sDTray] "C:\Programfiler\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Axis Bags] C:\DOCUME~1\Morten\PROGRA~1\BINDBR~1\Audio Drive Bat.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192273110921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192273085781
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\swdsvc.exe

After I downloaded 3wplayer, I started having problems with Internet Explorer constantly popping up with ads, and when I browse in Opera I get a request to download a file... In the process list there are always 2 iexplore.exe... if I kill either of them they come back right away... Is this normal?? And how do you fix it?? This is what it looks like when I get asked to download a file...
norbat (posted 20 October 2007):
If you haven't run NoLop, do so: Download NoLop.exe and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.
Run HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Programdata\great coal love default\Creative free.exe
O4 - HKCU\..\Run: [Axis Bags] C:\DOCUME~1\Morten\PROGRA~1\BINDBR~1\Audio Drive Bat.exe
Use Explorer to find and delete the following two folders (in bold):
C:\Documents and Settings\All Users\Programdata\great coal love default
C:\DOCUME~1\Morten\PROGRA~1\BINDBR~1
(~1 = abbreviation. Find a folder that begins with BIND..... and that contains a file named Audio Driver Bat.exe)
If you can't delete them, you must restart the PC in safe mode (tap F8 during startup, choose safe mode).
When you have done this, continue with:
Download CCleaner. Start the program. Go to 'Valg' (Options) -> 'Avansert' (Advanced). Remove the tick in front of: "bare slett midlertidige filer......." (only delete temporary files .......). Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).
Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from combofix (c:\combofix.txt) + a new HJT log.
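
Added example (not part of the thread, and not HijackThis's own logic): a small triage script for the O4 autostart lines of a HijackThis log. It flags Run entries whose executable lives inside a user-profile tree, including the 8.3 short form `DOCUME~1`, which is the trait shared by the two entries singled out above. The function names and the heuristic itself are assumptions for illustration; the sample lines are copied from the log posted in this thread.

```python
import ntpath  # Windows path handling that also works on non-Windows hosts
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Programdata\great coal love default\Creative free.exe
O4 - HKCU\..\Run: [Axis Bags] C:\DOCUME~1\Morten\PROGRA~1\BINDBR~1\Audio Drive Bat.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$')

# First path component of the Windows XP profile root, long and 8.3 short form.
# Assumption: the short name is DOCUME~1, as it is in the log above; a system
# could have assigned a different numeric suffix.
PROFILE_ROOTS = {"documents and settings", "docume~1"}


def executable_path(command):
    """Return the program part of a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut after the first ".exe"
    # that is followed by whitespace or the end of the line.
    match = re.match(r'(.+?\.exe)(?=\s|$)', command, re.IGNORECASE)
    return match.group(1) if match else command


def in_user_profile(path):
    """True when the path sits below the profile root on some drive.

    C:\\PROGRA~1\\... at the drive root is Program Files and is not flagged;
    C:\\DOCUME~1\\<user>\\PROGRA~1\\... is a folder inside a profile and is.
    A bare file name such as SOUNDMAN.EXE has no drive and is not flagged.
    """
    drive, rest = ntpath.splitdrive(path)
    parts = [p for p in rest.split("\\") if p]
    return bool(drive) and len(parts) > 1 and parts[0].lower() in PROFILE_ROOTS


def triage(log_text):
    """Return the Run entries that start a program from a profile directory.

    This is a hint for a human reviewer, not a verdict: legitimate software
    can also start from a profile folder.
    """
    findings = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if not match:
            continue  # not an O4 Run entry (other sections, blank lines)
        hive, name, command = match.groups()
        exe = executable_path(command)
        if in_user_profile(exe):
            findings.append({
                "hive": hive,
                "name": name,
                "exe": exe,
                "folder": ntpath.dirname(exe),  # folder to inspect by hand
            })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['hive']} Run [{item['name']}] -> {item['exe']}")
        print(f"    folder to review: {item['folder']}")
```
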
Opedal (posted 20 October 2007):
Thanks a lot.. I'll try this ;)
Opedal Skrevet 20. oktober 2007 Del Skrevet 20. oktober 2007 Her er fra ComboFix: ComboFix 07-10-20.6 - Morten 2007-10-20 22:42:02.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1049 [GMT 2:00] Running from: C:\Documents and Settings\Morten\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 ))))))))))))))))))))))))))))))) . 2007-10-20 22:40 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-20 22:35 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny 2007-10-20 22:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere 2007-10-20 22:35 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord 2007-10-20 22:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste 2007-10-20 22:35 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata 2007-10-20 22:35 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter 2007-10-20 22:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler 2007-10-20 22:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger 2007-10-20 22:35 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter 2007-10-20 22:35 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask 2007-10-20 22:28 106 --a------ C:\delete.bat 2007-10-20 21:47 <DIR> d-------- C:\Program Files 2007-10-20 21:34 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2007-10-20 21:34 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\SUPERAntiSpyware.com 2007-10-20 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2007-10-20 14:07 <DIR> d-------- C:\Programfiler\Spyware Doctor 2007-10-20 14:07 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\PC Tools 2007-10-20 14:07 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2007-10-20 14:07 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 
2007-10-20 14:07 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-10-20 14:07 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-10-20 14:07 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-10-20 14:07 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-10-20 12:27 <DIR> C:\Documents and Settings\Morten\Siste 2007-10-19 23:26 <DIR> d-------- C:\Programfiler\Bind Browse Pure 2007-10-13 13:04 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-09 22:23 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-10-09 22:23 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-10-09 22:23 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2007-10-09 22:23 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-09-25 19:52 <DIR> d-------- C:\Documents and Settings\Morten\Programdata\fretsonfire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-20 19:33 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-10-20 18:52 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-10-20 18:50 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-10-20 12:49 --------- d-----w C:\Programfiler\DAEMON Tools 2007-10-20 11:52 --------- d-----w C:\Programfiler\Java 2007-10-18 16:24 --------- d-----w C:\Programfiler\Winamp 2007-10-17 20:41 --------- d-----w C:\Documents and Settings\Morten\Programdata\LimeWire 2007-10-13 16:37 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2007-09-19 20:35 --------- d-----w C:\Documents and Settings\Morten\Programdata\SecondLife 2007-09-19 14:25 --------- d-----w C:\Programfiler\SecondLife 2007-09-17 19:01 --------- d-----w C:\Programfiler\MSN Messenger 2007-09-17 11:34 --------- d-----w C:\Programfiler\CLUE 2007-09-16 20:45 --------- d-----w C:\Programfiler\Ventrilo 2007-09-16 20:12 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-09-16 20:10 
--------- d-----w C:\Documents and Settings\Morten\Programdata\AdobeUM 2007-09-14 17:17 --------- d-----w C:\Programfiler\UltraStar 2007-09-08 18:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet 2007-09-08 16:56 --------- d-----w C:\Programfiler\Bonjour 2007-09-08 16:55 --------- d-----w C:\Documents and Settings\Morten\Programdata\Apple Computer 2007-09-08 16:46 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared 2007-09-08 09:12 --------- d-----w C:\Programfiler\Fellesfiler\Adobe Systems Shared 2007-09-07 16:33 --------- d-----w C:\Programfiler\PowerISO 2007-09-06 18:28 --------- d-----w C:\Programfiler\QuickTime 2007-09-06 18:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2007-09-06 18:26 --------- d-----w C:\Programfiler\Apple Software Update 2007-09-06 18:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2007-08-25 10:48 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-08-22 15:14 --------- d-----w C:\Programfiler\MSBuild 2007-08-22 15:14 --------- d-----w C:\Programfiler\Microsoft Works 2007-08-22 15:12 --------- d-----w C:\Programfiler\Microsoft.NET 2007-08-22 15:11 --------- d-----w C:\Programfiler\Microsoft Visual Studio 8 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-20 16:35 --------- d-----w C:\Programfiler\Fellesfiler\Ahead 2007-08-20 16:34 --------- d-----w C:\Programfiler\Nero 2007-08-20 16:34 --------- d-----w C:\Documents and Settings\Morten\Programdata\Ahead 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 
1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-30 17:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-28 03:37 8,237,056 ----a-w C:\WINDOWS\system32\atioglx2.dll 2007-07-28 03:31 344,064 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-07-28 03:30 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2007-07-28 03:24 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2007-07-28 03:23 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2007-07-28 03:23 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2007-07-28 03:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2007-07-28 03:22 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2007-07-28 03:22 118,784 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2007-07-28 03:21 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2007-07-28 03:20 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2007-07-28 03:12 3,067,712 ----a-w C:\WINDOWS\system32\ati3duag.dll 2007-07-28 03:06 176,128 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2007-07-28 03:01 1,550,208 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2007-07-28 02:50 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll 2007-07-28 02:47 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll 2007-07-28 02:46 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2007-07-28 02:40 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2007-07-27 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2007-07-26 03:06 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-07-26 02:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-07-26 02:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-07-26 02:53 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-07-26 02:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-07-26 02:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-07-26 02:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-07-26 02:53 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-07-26 02:50 823,296 
----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-07-26 02:50 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-07-26 02:50 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-07-26 02:50 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-07-26 02:50 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-07-26 02:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-07-26 02:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-07-26 02:50 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-07-26 02:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-07-26 02:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-07-26 02:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-07-26 02:50 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-07-26 02:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe] "StealthPlug Control Panel"="C:\WINDOWS\system32\stealthp.exe" [2006-10-06 10:51] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48] "MsgCenterExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24] "PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-09-09 11:16] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-18 18:13] "SDTray"="C:\Programfiler\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Morten^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk] path=C:\Documents and Settings\Morten\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Programfiler\Winamp\winampa.exe R3 IKStealthPlug;IK Multimedia StealthPlug Low-Level Driver;C:\WINDOWS\system32\Drivers\IKStealthPlugLL.sys 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] AutoRun\command - L:\Setup.exe *Newly Created Service* - CATCHME *Newly Created Service* - HTTPFILTER . Contents of the 'Scheduled Tasks' folder "2007-10-12 17:52:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-20 22:45:13 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-20 22:46:04 . --- E O F --- Også den andre...: Logfile of HijackThis v1.99.1 Scan saved at 22:47:25, on 20.10.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\stealthp.exe C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\PowerISO\PWRISOVM.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe 
C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programfiler\Spyware Doctor\svcntaux.exe C:\Programfiler\Spyware Doctor\swdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Programfiler\Opera\Opera.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [stealthPlug Control Panel] "C:\WINDOWS\system32\stealthp.exe" -min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sDTray] "C:\Programfiler\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows 
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192273110921 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192273085781 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\swdsvc.exe
It certainly feels like everything is fine now... (for the time being). Yep... Everything looks normal... thanks a lot for the help, Norbat :D
norbat Posted 20 October 2007
Use Explorer to delete the following folder if present (in bold):
C:\Programfiler\Bind Browse Pure
Apart from this, the HJT log looks fine. You should reset the restore folder so that you do not get infected in the event of a system restore. Control Panel->System->System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then remove the tick again to re-enable the function.
sigfred Posted 1 November 2007
Argh, I've gone and downloaded that damned codec... here is the HijackThis stuff, can anyone help? I don't understand anything....
Logfile of HijackThis v1.99.1 Scan saved at 22:56:53, on 01.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\norman\Npm\bin\ELOGSVC.EXE C:\norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\norman\Npf\BIN\NPFSVICE.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\SOUNDMAN.EXE C:\norman\Npm\bin\ZLH.EXE C:\Programfiler\D-Tools\daemon.exe C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\quicktime\iTunesHelper.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe C:\norman\Npf\BIN\npfmsg2.exe C:\norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Internet Explorer\iexplore.exe C:\norman\Nvc\BIN\NVCSCHED.EXE C:\Programfiler\Internet Explorer\iexplore.exe C:\norman\Nvc\bin\nvcoas.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe C:\WINDOWS\System32\alg.exe C:\norman\Nvc\bin\cclaw.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE 
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - 
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Norman ZANDA] C:\norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\quicktime\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Error Safe] C:\Programfiler\Error Safe Free\ers.exe /scan O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and 
Settings\All Users\Programdata\Open Ante Anti Dog\Blah Intra.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\wianmpa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [mRouterConfig] "C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" O4 - HKCU\..\Run: [bike bait] C:\DOCUME~1\TORSIG~1\PROGRA~1\POKEST~1\Else Htm.exe O4 - HKCU\..\Run: [Orb] "C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?0dde09a38183410883c625d7316174c0 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?0dde09a38183410883c625d7316174c0 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programfiler\crazyvegasMPP\MPPoker.exe (file missing) O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programfiler\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' 
menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\norman\Npf\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
norbat Posted 1 November 2007
Hi there,
Download NoLop.exe and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.
Then download SAS (the free version), install it, update it and run a full (Complete) scan. Post the SAS log (preferences->statistics/logs) + a new HJT log.
sigfred Posted 3 November 2007
Logfile of HijackThis v1.99.1 Scan saved at 00:57:02, on 03.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\norman\Npm\bin\ELOGSVC.EXE C:\norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\norman\Npf\BIN\NPFSVICE.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\norman\Npm\bin\NJEEVES.EXE C:\norman\Nvc\BIN\NVCSCHED.EXE C:\norman\Nvc\bin\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\norman\Npm\bin\ZLH.EXE C:\Programfiler\D-Tools\daemon.exe C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\norman\Nvc\BIN\NIP.EXE C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\quicktime\iTunesHelper.exe C:\norman\Npf\BIN\npfmsg2.exe C:\norman\Nvc\bin\cclaw.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe C:\Programfiler\Winamp Remote\bin\OrbTray.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Winamp Remote\bin\Orb.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\Programfiler\Fellesfiler\Teleca 
Shared\CapabilityManager.exe C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file 
missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Norman ZANDA] C:\norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\quicktime\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Error Safe] C:\Programfiler\Error Safe Free\ers.exe /scan O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\wianmpa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sweetIM] 
C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [mRouterConfig] "C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" O4 - HKCU\..\Run: [Orb] "C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?0dde09a38183410883c625d7316174c0 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?0dde09a38183410883c625d7316174c0 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programfiler\crazyvegasMPP\MPPoker.exe (file missing) O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programfiler\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\norman\Npf\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe sas SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 11/02/2007 at 11:17 PM Application Version : 3.9.1008 Core Rules Database Version : 3336 Trace Rules Database Version: 1337 Scan type : Complete Scan Total Scan Time : 00:32:29 Memory items scanned : 588 Memory threats detected : 0 Registry items scanned : 4474 Registry threats detected : 18 File items scanned : 27808 File threats detected : 71 Adware.Lop-Variant [Anti Dog Beep Grid] C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\OPEN ANTE ANTI DOG\BLAH INTRA.EXE C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\OPEN ANTE ANTI DOG\BLAH INTRA.EXE [bike bait] C:\DOCUME~1\TORSIG~1\PROGRA~1\POKEST~1\ELSE HTM.EXE C:\DOCUME~1\TORSIG~1\PROGRA~1\POKEST~1\ELSE HTM.EXE C:\DOCUMENTS AND SETTINGS\TOR SIGFRED ENGEDAL\PROGRAMDATA\POKE START PART\BEOFCICR.EXE C:\DOCUMENTS AND SETTINGS\TOR SIGFRED ENGEDAL\PROGRAMDATA\POKE START PART\ELSE HTM.EXE C:\DOCUMENTS AND SETTINGS\TOR SIGFRED ENGEDAL\PROGRAMDATA\POKE START PART\EXIT MULTI BAGS.EXE C:\DOCUMENTS AND SETTINGS\TOR SIGFRED ENGEDAL\PROGRAMDATA\POKE START PART\MXUPLOMP.EXE C:\DOCUMENTS AND SETTINGS\TOR SIGFRED ENGEDAL\PROGRAMDATA\POKE START PART\QPCGYRZG.EXE C:\DOCUMENTS AND SETTINGS\TOR SIGFRED ENGEDAL\PROGRAMDATA\POKE START PART\SIFNLYLV.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP426\A0052289.EXE C:\SYSTEM VOLUME 
INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP426\A0052292.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP426\A0052293.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP426\A0052375.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP426\A0052383.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP426\A0052416.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP427\A0052596.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP427\A0052602.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP427\A0052603.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP427\A0052604.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP428\A0052671.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP428\A0052683.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP429\A0052691.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP430\A0052697.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP430\A0052705.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP431\A0052851.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP432\A0052875.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP432\A0052887.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP433\A0053038.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP433\A0053044.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP434\A0053050.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP435\A0053105.EXE C:\SYSTEM VOLUME 
INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP435\A0053246.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP435\A0053465.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP435\A0053592.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP436\A0053733.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP436\A0053739.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP436\A0053749.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP436\A0053760.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP437\A0053777.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP437\A0054761.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP437\A0054769.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP438\A0054787.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP439\A0054794.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP439\A0054921.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CBE6EADF-2CBB-4AAB-A8FE-CA12BF8F784E}\RP439\A0054930.EXE C:\WINDOWS\Prefetch\BLAH INTRA.EXE-130992E9.pf C:\WINDOWS\Prefetch\ELSE HTM.EXE-0A27C6D3.pf Adware.Tracking Cookie C:\Documents and Settings\Tor Sigfred Engedal\Cookies\tor sigfred engedal@tradedoubler[2].txt C:\Documents and Settings\Tor Sigfred Engedal\Cookies\tor sigfred [email protected][1].txt C:\Documents and Settings\Tor Sigfred Engedal\Cookies\tor sigfred [email protected][1].txt C:\Documents and Settings\Tor Sigfred Engedal\Cookies\tor sigfred engedal@fastclick[1].txt C:\Documents and Settings\Tor Sigfred Engedal\Cookies\tor sigfred engedal@pacificpoker[2].txt C:\Documents and Settings\Tor Sigfred Engedal\Cookies\tor sigfred engedal@partypoker[1].txt C:\Documents and 
Settings\Tor Sigfred Engedal\Cookies\tor sigfred engedal@xiti[1].txt C:\Documents and Settings\Tor Sigfred Engedal\Cookies\tor sigfred [email protected][2].txt C:\Documents and Settings\Tor Sigfred Engedal\Cookies\tor sigfred engedal@advertising[1].txt Trojan.Error Safe Free C:\Programfiler\Error Safe Free\activate.dat C:\Programfiler\Error Safe Free\bnlink.dat C:\Programfiler\Error Safe Free\ers.url C:\Programfiler\Error Safe Free\ersd.sys C:\Programfiler\Error Safe Free\FRec.dll C:\Programfiler\Error Safe Free\pv.dat C:\Programfiler\Error Safe Free\support.url C:\Programfiler\Error Safe Free\unins000.dat C:\Programfiler\Error Safe Free\unins000.exe C:\Programfiler\Error Safe Free\up.dat C:\Programfiler\Error Safe Free\updater.dat C:\Programfiler\Error Safe Free\Updater.exe C:\Programfiler\Error Safe Free HKU\S-1-5-21-1214440339-1757981266-1801674531-1004\Software\Error Safe Free HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#Inno Setup: Setup Version HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#Inno Setup: App Path HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#InstallLocation HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#Inno Setup: Icon Group HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#Inno Setup: User HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#QuietUninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#URLInfoAbout HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#URLUpdateInfo 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#NoModify HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1#NoRepair Trojan.ErrorSafe C:\Documents and Settings\All Users\Start-meny\Programmer\Error Safe Unregistered Version\Avisntallerer ErrorSafe.lnk C:\Documents and Settings\All Users\Start-meny\Programmer\Error Safe Unregistered Version\Error Safe.lnk C:\Documents and Settings\All Users\Start-meny\Programmer\Error Safe Unregistered Version
norbat Posted 3 November 2007
Run HJT, tick the following lines and click Fix checked:
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [Error Safe] C:\Programfiler\Error Safe Free\ers.exe /scan
O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [aconti] C:\WINDOWS\aconti.exe -auto
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programfiler\crazyvegasMPP\MPPoker.exe (file missing)
Use Explorer to find and delete, if present (in bold):
C:\Programfiler\Macrogaming
C:\Programfiler\Error Safe Free
C:\WINDOWS\aconti.exe
C:\Programfiler\crazyvegasMPP
Restart and post a new HJT log.
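One way to check a follow-up log against the lines picked for "Fix checked", as an added example that is not part of the thread and not HijackThis's own code. The function names are hypothetical, the fix list reuses entries from the post above, and the follow-up log is a constructed sample.

```python
import re
from dataclasses import dataclass

# A HijackThis entry starts with a section code (R0-R3, O1-O23), then " - ".
ENTRY_START = re.compile(r"(?:^|(?<=\s))(?:R[0-3]|O\d{1,2}) - ")
# Suffixes HijackThis appends when the referenced file is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Entry:
    code: str  # section code, e.g. "O4"
    body: str  # everything after "CODE - "

    @property
    def orphaned(self) -> bool:
        """True when the log says the referenced file no longer exists."""
        return self.body.endswith(ORPHAN_MARKERS)

    @property
    def key(self) -> str:
        """Comparison key: case-folded, runs of backslashes and spaces collapsed.

        The same entry shows up as C:\\\\WINDOWS\\\\aconti.exe in a log and as
        C:\\WINDOWS\\aconti.exe in a reply, so both must compare equal.
        """
        text = re.sub(r"\\+", r"\\", f"{self.code} - {self.body}")
        return re.sub(r"\s+", " ", text).strip().casefold()


def split_entries(log_text: str) -> list[Entry]:
    """Split a log into entries, whether it is one entry per line or flattened.

    Header text before the first entry (version, running processes) is skipped.
    """
    text = " ".join(log_text.split())  # undo hard wraps and flattening alike
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    entries = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        code, _, body = text[begin:end].strip().partition(" - ")
        entries.append(Entry(code, body))
    return entries


def still_present(fix_list: str, new_log: str) -> list[Entry]:
    """Return the entries from the fix list that the new log still contains."""
    remaining = {entry.key for entry in split_entries(new_log)}
    return [entry for entry in split_entries(fix_list) if entry.key in remaining]


# Sample input: four of the lines marked for "Fix checked" in the post above.
FIX_LIST = r"""
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Error Safe] C:\Programfiler\Error Safe Free\ers.exe /scan
O4 - HKLM\..\Run: [aconti] C:\WINDOWS\aconti.exe -auto
"""

# Constructed follow-up log, flattened onto one line the way pasted logs often
# arrive; in this sample two of the four entries survived the cleanup.
AFTER_LOG = (
    r"Running processes: C:\WINDOWS\System32\smss.exe "
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll "
    r"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE "
    r"O4 - HKLM\..\Run: [Error Safe] C:\Programfiler\Error Safe Free\ers.exe /scan "
    r"O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto "
    r"O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programfiler\crazyvegasMPP\MPPoker.exe (file missing)"
)

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, AFTER_LOG):
        print("still present:", entry.code, "-", entry.body)
    for entry in split_entries(AFTER_LOG):
        if entry.orphaned:
            print("orphaned reference:", entry.code, "-", entry.body)
```

Anything after the last entry in the pasted text (a signature, a reply) ends up in that entry's body, so trim the paste to the log itself first.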
sigfred Posted 3 November 2007
Logfile of HijackThis v1.99.1 Scan saved at 23:31:21, on 03.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\norman\Npm\bin\ELOGSVC.EXE C:\norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\norman\Npf\BIN\NPFSVICE.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\norman\Npm\bin\NJEEVES.EXE C:\norman\Nvc\BIN\NVCSCHED.EXE C:\norman\Nvc\bin\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\norman\Npm\bin\ZLH.EXE C:\Programfiler\D-Tools\daemon.exe C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\norman\Nvc\BIN\NIP.EXE C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\quicktime\iTunesHelper.exe C:\norman\Npf\BIN\npfmsg2.exe C:\norman\Nvc\bin\cclaw.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe C:\Programfiler\Winamp Remote\bin\OrbTray.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Winamp Remote\bin\Orb.exe C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe C:\Programfiler\MSN 
Messenger\usnsvc.exe C:\Programfiler\Winamp\winamp.exe C:\spill\fm2007\fm.exe C:\DOCUME~1\TORSIG~1\LOKALE~1\Temp\~e5.0001 C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\HijackThis\HijackThis.exe C:\norman\npm\bin\niu.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - 
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Norman ZANDA] C:\norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\quicktime\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Error Safe] C:\Programfiler\Error Safe Free\ers.exe /scan O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Programfiler\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] 
C:\Programfiler\Winamp\wianmpa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [mRouterConfig] "C:\Programfiler\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" O4 - HKCU\..\Run: [Orb] "C:\Programfiler\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?0dde09a38183410883c625d7316174c0 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?0dde09a38183410883c625d7316174c0 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programfiler\expektMPP\MPPoker.exe O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Programfiler\crazyvegasMPP\MPPoker.exe (file missing) O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programfiler\nordicbetMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' 
menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman Type-R - Unknown owner - C:\norman\Npf\BIN\NPFSVICE.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe men d e itje mer spam me all dn popupen nå.... dessuten så fekk eg itje sletta macrogaming Lenke til kommentar
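Added example, not part of either post above: one way to compare a follow-up HijackThis log with the entries that were ticked for fixing, so that anything that survived the fix and reboot stands out. The function names are hypothetical; FLAGGED copies three of the flagged lines from the thread, NEW_LOG is a constructed sample in the same format, and backslashes are ignored when matching because the forum rendering drops or doubles them.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. an O4 autorun entry.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (code, details) for each entry line; header and process lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def match_key(code, details):
    """Comparison key that ignores backslashes and letter case."""
    return code + "|" + details.replace("\\", "").casefold()

def still_present(flagged_text, new_log_text):
    """Flagged entries that are still listed in the log taken after the reboot."""
    remaining = {match_key(c, d) for c, d in parse_entries(new_log_text)}
    return [(c, d) for c, d in parse_entries(flagged_text)
            if match_key(c, d) in remaining]

def orphaned(log_text):
    """Entries whose target HijackThis marked '(file missing)' or '(no file)'."""
    return [(c, d) for c, d in parse_entries(log_text)
            if d.endswith("(file missing)") or d.endswith("(no file)")]

# Three of the lines flagged in the thread, copied as posted.
FLAGGED = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Error Safe] C:\Programfiler\Error Safe Free\ers.exe /scan
O4 - HKLM..Run: [aconti] C:\WINDOWS\aconti.exe -auto
"""
# Constructed sample log: thread-format lines, with the Error Safe entry left out.
NEW_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for code, details in still_present(FLAGGED, NEW_LOG):
        print("still present:", code, "-", details)
```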