hernil, posted 10 September 2007

Over the last few days I have been getting a blue screen when I try to convert files with SUPER and when I open an artist folder in MediaMonkey. The blue screen message says that windrvNT.sys is the problem, and as far as I can see (/Google) it is a file that belongs to the program FolderLock. The problem is that I uninstalled that program almost a year ago! By the way, I tried installing it again just now and removing it again, and now I can't find the file when I search for it, but the problem is still there.

Picture of the blue screen:

Does anyone know what I can do? Could this be a virus or other crap? Thanks for good tips and suggestions!

PS. By the way, I'm running Windows XP Home, and both SUPER and MM were the latest version.

norbat, posted 10 September 2007

Feel free to post an HJT log:
Download HijackThis. Put it in its own folder on the desktop.
Start the program and choose "Do a system scan and save a logfile".
Copy the log file and post it.

hernil (author), posted 10 September 2007

HJT log:

Thanks for the quick reply!

norbat, posted 10 September 2007

The log looks fine. No indication of any infections.
You can post a ComboFix log. Maybe it can tell us a bit more:
Get ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from ComboFix (usually c:\combofix.txt).

hernil (author), posted 10 September 2007

ComboFix log:

norbat, posted 11 September 2007

You can try the following:
Click: Start->Run
Type: services.msc
See if you can find a service associated with Folder Lock, e.g. something with windrvNT.
If the program has been deleted, you can delete the folder C:\Programfiler\Folder Lock
Download CCleaner. Start the program. Go to 'Options' ('Valg') -> 'Advanced' ('Avansert'). Remove the check mark in front of: "only delete temporary files......."
Click 'Cleaner' ('Renser') and then 'Run CCleaner' ('Kjør CCleaner'). Also run a few rounds of 'Issues' ('Saker') until it finds no more errors.
Restart the PC and see if things improve.
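
One way to run the check suggested in the post above against the registry, as an added example that is not part of the original thread: kernel drivers such as a leftover windrvNT.sys are registered under `HKLM\SYSTEM\CurrentControlSet\Services`, and this PowerShell script lists every driver registration whose image file no longer exists on disk. The function names are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: report driver registrations whose image file is missing.
# Read-only; run from an elevated PowerShell prompt matching the OS bitness.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$StartNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-DriverImagePath {
    # Turn the ImagePath forms used for drivers into an ordinary file path.
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $ImagePath
    )

    # No ImagePath value: the loader falls back to the default drivers directory.
    if ([string]::IsNullOrEmpty($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$Name.sys"
    }

    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))

    # NT object-manager prefix, e.g. \??\C:\WINDOWS\system32\drivers\x.sys
    if ($p.StartsWith('\??\')) {
        return $p.Substring(4)
    }
    # \SystemRoot\system32\DRIVERS\x.sys
    if ($p.StartsWith('\SystemRoot\', [StringComparison]::OrdinalIgnoreCase)) {
        return Join-Path $env:SystemRoot $p.Substring(12)
    }
    # Relative form, e.g. system32\drivers\x.sys, is relative to %SystemRoot%.
    if ($p -notmatch '^[A-Za-z]:\\') {
        return Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedDriver {
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue

        # Type 1 = kernel driver, Type 2 = file system driver; skip everything else.
        if ($props.Type -ne 1 -and $props.Type -ne 2) { return }

        $file = Resolve-DriverImagePath -Name $_.PSChildName -ImagePath $props.ImagePath
        if (Test-Path -LiteralPath $file) { return }

        [pscustomobject]@{
            Name         = $_.PSChildName
            Start        = if ($null -ne $props.Start) { $StartNames[[int]$props.Start] } else { 'n/a' }
            ImagePath    = $props.ImagePath
            ResolvedPath = $file
        }
    }
}

Get-OrphanedDriver | Sort-Object Name | Format-Table -AutoSize -Wrap
```

An entry listed here is a candidate for review, not proof of a fault, since a stock installation can also contain registrations without a matching file.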

hernil (author), posted 11 September 2007

Checked whether there was anything strange among the services, but found nothing, neither with folderlock nor windrvNT.sys.
Ran what you said with CCleaner. Haven't restarted yet, but I started MM and set it to high priority in Task Manager, and now it works fine!
Will let you know if I experience any more problems. Thanks a lot for all the help!