0

hey all, im new to this site and i have peoblems with opening my controll panel.

if i have any vira or problems besides the control panel please say it 2 :)
i have XP and here is the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:33, on 20-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctssvc.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\TEMP\NLE286.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\Programmer\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmproxy.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmer\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Steam\steam.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\pnkbstra.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 80.67.5.82 phantomp2p.com
O1 - Hosts: 80.67.5.82 dk.phantomp2p.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Programmer\VMware\VMware Workstation\vmware-tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programmer\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://trend02.naestved.dk/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://trend02.naestved.dk/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237472376489
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237472368677
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmer\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9934 bytes


best regards wuss15

2
Contributors
21
Replies
22
Views
8 Years
Discussion Span
Last Post by crunchie
Featured Replies
0

Hi and welcome to the Daniweb forums :).

==========

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.

0

i still can't open the control panel and i have now discorved that my computer don't use autorun anymore.
so if i put a disk in my com it dosen't autorun :(

the malware log:

Malwarebytes' Anti-Malware 1.36
Database version: 2161
Windows 5.1.2600 Service Pack 3

21-05-2009 13:39:12
mbam-log-2009-05-21 (13-39-12).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|)
Objekter skannet: 186171
Tid tilbagelagt: 1 hour(s), 35 minute(s), 0 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Programmer\MSN\MSNCoreFiles\copymar.exe (Worm.Luder) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\copymar.exe (Worm.Luder) -> Quarantined and deleted successfully.

and the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:05, on 21-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\TEMP\IRFAFE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmproxy.exe
C:\Programmer\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThis.exe
C:\Programmer\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 80.67.5.82 phantomp2p.com
O1 - Hosts: 80.67.5.82 dk.phantomp2p.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Programmer\VMware\VMware Workstation\vmware-tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programmer\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://trend02.naestved.dk/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://trend02.naestved.dk/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237472376489
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237472368677
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmer\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9858 bytes

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

heres the combo fix log:

ComboFix 09-05-20.A0 - Administrator 21-05-2009 14:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.2047.1599 [GMT 2:00]
Kører fra: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {95BD0870-0E2C-400D-BBAB-AD963FC02263}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Filer skabt fra 2009-04-21 til 2009-05-21 )))))))))))))))))))))))))))))))))))
.

2009-05-21 10:01 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 10:01 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 10:01 . 2009-05-21 10:01 -------- d-----w c:\programmer\Malwarebytes' Anti-Malware
2009-05-20 21:08 . 2003-06-25 14:05 266360 ----a-w c:\windows\system32\TweakUI.exe
2009-05-20 19:29 . 2009-05-20 19:29 -------- d-----w c:\documents and settings\All Users\Application Data\U3
2009-05-20 17:32 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-20 17:31 . 2009-05-20 17:31 -------- d-----w c:\programmer\Panda Security
2009-05-20 15:32 . 2009-05-20 19:29 -------- d-----w c:\documents and settings\Administrator\Application Data\U3
2009-05-17 08:22 . 2009-05-17 15:38 -------- d-----w c:\documents and settings\Administrator\Application Data\VMware
2009-05-16 19:04 . 2009-05-21 11:42 -------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-05-16 19:03 . 2009-03-26 15:31 55856 ----a-r c:\windows\system32\vnetinst.dll
2009-05-16 19:03 . 2009-03-26 15:31 16560 ----a-r c:\windows\system32\drivers\vmnetadapter.sys
2009-05-16 19:03 . 2009-03-26 21:04 326192 ----a-w c:\windows\system32\vmnetdhcp.exe
2009-05-16 19:03 . 2009-03-26 21:04 399920 ----a-w c:\windows\system32\vmnat.exe
2009-05-16 19:03 . 2009-03-26 21:05 26288 ----a-w c:\windows\system32\drivers\vmnetuserif.sys
2009-05-16 19:03 . 2009-03-26 15:31 31280 ----a-r c:\windows\system32\drivers\vmnetbridge.sys
2009-05-16 19:03 . 2009-03-26 15:31 18736 ----a-r c:\windows\system32\drivers\vmnet.sys
2009-05-16 19:03 . 2009-03-26 15:31 50736 ----a-r c:\windows\system32\vmnetbridge.dll
2009-05-16 19:03 . 2009-03-26 21:04 723504 ----a-w c:\windows\system32\vnetlib.dll
2009-05-16 19:02 . 2009-03-26 21:05 23216 ----a-w c:\windows\system32\drivers\VMkbd.sys
2009-05-16 19:01 . 2009-05-21 11:42 -------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-05-16 19:00 . 2009-05-16 19:00 -------- d-----w c:\programmer\VMware
2009-05-15 11:31 . 2009-05-16 14:13 -------- d-----w c:\documents and settings\Administrator\Application Data\Red Alert 3 Uprising
2009-05-15 11:19 . 2009-05-15 11:19 -------- d-----w c:\programmer\Electronic Arts
2009-05-08 08:15 . 2009-05-08 08:15 -------- d-----w c:\programmer\Fælles filer\Macrovision Shared
2009-05-08 08:04 . 2009-05-08 08:04 -------- d-----w C:\Autodesk
2009-05-07 21:22 . 2009-05-09 21:18 218008 ----a-w c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2009-05-07 14:54 . 2009-05-07 15:04 -------- d-----w c:\documents and settings\Administrator\Application Data\Autodesk
2009-05-07 14:54 . 2009-05-07 14:54 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-07 14:54 . 2009-05-07 14:54 -------- d-----w c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Autodesk
2009-05-06 14:59 . 2009-05-17 12:08 -------- d-----w c:\documents and settings\Administrator\Application Data\Download Manager
2009-05-06 13:18 . 2009-05-06 13:18 -------- d-----w c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-05-05 12:35 . 2009-05-08 08:15 -------- d-----w c:\programmer\Fælles filer\Autodesk Shared
2009-05-05 12:35 . 2009-05-07 14:54 -------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-05-03 17:36 . 2009-05-08 08:16 -------- d-----w c:\programmer\Autodesk
2009-05-01 04:59 . 2009-05-01 04:59 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-29 14:07 . 2009-04-29 14:07 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-24 18:10 . 2009-04-24 18:10 -------- d-----w c:\documents and settings\Administrator\Lokale indstillinger\Application Data\In_The_Money_LLC
2009-04-24 18:09 . 2009-04-24 18:09 -------- d-----w c:\programmer\In The Money

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 11:50 . 2009-03-19 20:05 -------- d-----w c:\programmer\Steam
2009-05-20 17:13 . 2009-03-30 07:26 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-20 11:20 . 2009-03-24 06:04 -------- d-----w c:\programmer\Spyware Doctor
2009-05-16 19:02 . 2001-10-09 11:00 84968 ----a-w c:\windows\system32\perfc006.dat
2009-05-16 19:02 . 2001-10-09 11:00 462722 ----a-w c:\windows\system32\perfh006.dat
2009-05-16 18:50 . 2009-04-12 14:23 -------- d-----w c:\programmer\Lavasoft
2009-05-15 17:18 . 2009-03-19 19:03 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-15 14:41 . 2009-03-29 14:50 -------- d-----w c:\programmer\bwin
2009-05-14 18:55 . 2009-04-13 11:14 -------- d-----w c:\programmer\Warcraft III
2009-05-14 18:30 . 2009-04-18 18:10 -------- d-----w c:\programmer\Windows Live Safety Center
2009-05-04 15:52 . 2009-03-19 15:09 69232 ----a-w c:\documents and settings\Administrator\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 07:30 . 2009-03-19 13:54 -------- d--h--w c:\programmer\InstallShield Installation Information
2009-05-03 16:24 . 2009-03-19 15:51 -------- d-----w c:\programmer\Microsoft Works
2009-04-20 05:13 . 2009-03-24 06:05 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-18 18:16 . 2009-04-18 18:15 -------- d-----w c:\programmer\WinPcap
2009-04-15 18:47 . 2009-04-15 18:47 -------- d-----w c:\programmer\Apple Software Update
2009-04-13 11:31 . 2009-04-13 11:18 74007 ----a-w c:\windows\War3Unin.dat
2009-04-13 11:24 . 2009-04-13 11:18 2829 ----a-w c:\windows\War3Unin.pif
2009-04-13 11:24 . 2009-04-13 11:18 139264 ----a-w c:\windows\War3Unin.exe
2009-04-12 09:48 . 2009-03-21 19:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-11 13:50 . 2009-04-11 13:50 -------- d-----w c:\programmer\DVD Decrypter
2009-04-11 13:48 . 2009-04-11 12:52 47360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-04-11 12:52 . 2009-04-11 12:52 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-11 12:44 . 2009-03-21 13:21 -------- d-----w c:\programmer\Fælles filer\Nero
2009-04-11 12:08 . 2009-03-22 10:09 -------- d-----w c:\programmer\Fælles filer\Blizzard Entertainment
2009-04-06 15:11 . 2009-04-06 15:11 -------- d-----w c:\programmer\Nero
2009-04-04 13:40 . 2009-04-03 13:47 -------- d-----w c:\programmer\Jasc Software Inc
2009-04-02 18:46 . 2009-03-30 07:27 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-02 18:46 . 2009-03-30 07:26 103736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-02 11:51 . 2009-03-30 07:27 22328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2009-04-02 11:33 . 2009-04-02 11:33 -------- d-----w c:\programmer\Activision
2009-04-02 11:25 . 2009-03-21 11:43 -------- d-----w c:\programmer\MSECACHE
2009-04-02 11:23 . 2009-03-19 17:24 -------- d-----w c:\programmer\Creative
2009-04-02 08:37 . 2009-01-07 11:09 76688 ----a-w c:\windows\system32\drivers\tmtdi.sys
2009-04-02 08:37 . 2009-01-07 11:09 338960 ----a-w c:\windows\system32\drivers\TM_CFW.sys
2009-04-01 17:06 . 2009-03-30 07:26 2250024 ----a-w c:\windows\system32\pbsvc.exe
2009-03-30 07:13 . 2009-03-19 18:23 1006 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-03-29 12:33 . 2009-03-29 12:33 -------- d-----w c:\programmer\Kalypso
2009-03-27 06:09 . 2009-03-20 16:45 -------- d-----w c:\programmer\eMule
2009-03-26 21:05 . 2009-03-26 21:05 54960 ----a-w c:\windows\system32\drivers\vmci.sys
2009-03-26 21:05 . 2009-03-26 21:05 857520 ----a-w c:\windows\system32\drivers\vmx86.sys
2009-03-26 21:05 . 2009-03-26 21:05 32304 ----a-w c:\windows\system32\drivers\hcmon.sys
2009-03-26 21:04 . 2009-03-26 21:04 14896 ----a-w c:\windows\system32\drivers\vmparport.sys
2009-03-26 19:16 . 2009-03-26 19:16 -------- d-----w c:\programmer\SystemRequirementsLab
2009-03-26 17:11 . 2009-03-26 17:11 248368 ----a-w c:\windows\system32\vmnc.dll
2009-03-25 16:27 . 2009-03-25 16:27 -------- d-----w c:\programmer\CCleaner
2009-03-24 06:06 . 2009-03-24 06:04 -------- d-----w c:\programmer\Fælles filer\PC Tools
2009-03-24 05:32 . 2009-03-24 05:32 -------- d-----w c:\programmer\Fælles filer\Futuremark Shared
2009-03-23 17:46 . 2009-03-23 17:45 -------- d-----w c:\programmer\QuickTime
2009-03-23 13:11 . 2009-03-23 13:11 -------- d-----w c:\programmer\MainConcept
2009-03-20 14:27 . 2009-03-19 18:50 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-19 19:08 . 2009-03-19 19:08 88 --sh--r c:\windows\system32\7FE4F2B68B.sys
2009-03-19 17:27 . 2009-03-19 17:27 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-19 17:27 . 2009-03-19 17:27 102400 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-19 16:30 . 2009-03-19 16:30 142 ----a-w c:\documents and settings\Administrator\Lokale indstillinger\Application Data\fusioncache.dat
2009-03-19 15:18 . 2009-03-19 15:18 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-19 15:17 . 2009-03-19 15:17 0 ----a-w c:\windows\nsreg.dat
2009-03-19 13:35 . 2001-10-09 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-19 13:34 . 2009-03-19 13:34 70691 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-03-19 13:32 . 2009-03-19 13:32 21644 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-16 13:18 . 2009-03-25 15:51 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 13:18 . 2009-03-25 15:51 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 13:18 . 2009-03-25 15:51 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 13:18 . 2009-03-25 15:51 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 14:27 . 2009-03-25 15:51 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 14:27 . 2009-03-25 15:51 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 14:27 . 2009-03-25 15:51 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-06 14:20 . 2009-03-19 14:40 284672 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2009-02-18 86016]
"OfficeScanNT Monitor"="c:\programmer\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-04-02 718120]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"VolPanel"="c:\programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2009-01-05 413696]
"vmware-tray"="c:\programmer\VMware\VMware Workstation\vmware-tray.exe" [2009-03-26 96816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"P17Helper"="SPIRun.dll" - c:\windows\system32\SPIRun.dll [2006-07-03 10752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-5-20 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\eMule\\emule.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Programmer\\BearShare\\BearShare.exe"=
"c:\\Programmer\\VMware\\VMware Workstation\\vmware-authd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50337:TCP"= 50337:TCP:Trend Micro OfficeScan Listener

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20-05-2009 19:32 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24-03-2009 08:05 130936]
R2 TmPreFilter;Trend Micro PreFilter;c:\programmer\Trend Micro\OfficeScan Client\tmpreflt.sys [26-11-2008 18:42 36368]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [26-03-2009 23:05 54960]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [07-01-2009 13:09 338960]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12-03-2009 17:36 86016]
S2 TmFilter;Trend Micro Filter;c:\programmer\Trend Micro\OfficeScan Client\tmxpflt.sys [26-11-2008 18:42 225296]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06-11-2007 22:22 34064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programmer\Spyware Doctor\pctsAuxs.exe [24-03-2009 08:04 348752]
S3 TmPfw;OfficeScan NT Firewall;c:\programmer\Trend Micro\OfficeScan Client\TmPfw.exe [08-09-2008 12:49 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programmer\Trend Micro\OfficeScan Client\TmProxy.exe [08-09-2008 12:49 652552]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [05-10-2005 11:44 468768]

--- Andre Services/Drivers i Hukommelsen ---

*Deregistered* - mchInjDrv
.
Indhold af mappen 'Planlagte Opgaver'
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.bearshare.com/dk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\programmer\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ueua6hh9.default\
FF - prefs.js: browser.startup.homepage - Landstedsraadet.dk
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ueua6hh9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 14:59
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="?a?\11? H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"c:\\docume~1\\admini~1\\lokale~1\\temp\\pft60.tmp\\source\\smbus\\smbusati.inf\00"
.
Gennemført tid: 2009-05-21 15:00
ComboFix-quarantined-files.txt 2009-05-21 13:00

Pre-Kørsel: 20.319.391.744 byte ledig
Post-Kørsel: 22.539.661.312 byte ledig

228 --- E O F --- 2009-05-13 19:32


here the hijack but i havn't shut my com down before i run HJT so i don't know if it counts as a fresh log but here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:14, on 21-05-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmpfw.exe
C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\ZF30C2.EXE
C:\Programmer\Trend Micro\OfficeScan Client\tmproxy.exe
C:\Programmer\Spyware Doctor\pctsGui.exe
C:\Programmer\Spyware Doctor\sdloader.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThis.exe
C:\Programmer\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 80.67.5.82 phantomp2p.com
O1 - Hosts: 80.67.5.82 dk.phantomp2p.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Programmer\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vmware-tray] C:\Programmer\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programmer\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://trend02.naestved.dk/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://trend02.naestved.dk/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237472376489
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237472368677
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmer\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9633 bytes

1

Are you able to get in to the control panel now?

Votes + Comments
you helped me fix 2 of my coms problems :)
0

no :(

it say that explore have made a error and shut the panel down.

and some info:

i read a place i should find the files there was bad and i have foundet about 3 .cpl there was bad. i have tryed to delete them but dosen't help, it remake them in the bad form.

0

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

Kaspersky Online Scanner Panda Active Scan Trend Micro HouseCall F-Secure Online Virus Scanner

0

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=0c4eb5cd85b3e84780c4323781596d57
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-05-22 10:19:44
# local_time=2009-05-22 12:19:44 (+0100, Rom, sommertid)
# country="Denmark"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=67520
# found=0
# cleaned=0
# scan_time=1705

0

Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your XP CD if/when requested.

0

well unfortunal it say the cd i have isn' the cd i installed on, but it is!
i used the same CD for reinstall windows a half year ago.

0

I have now tryed to add the 2 keys but I still can't open the control panel.

i ge the explore error:
AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: neroburnrights.cpl
ModVer: 2.3.0.0 Offset: 00008314

now it says this in the error report.
so if i remove the neroburnrights.cpl from my computer will it so start or will it won't help?

0

hmm it worked.

i seached the neroburningrights.cpl and deleted it and now control panel is working :)

but if you can i would like you to give a suggest of why my com now can't use autorun.

when i put a disk in my com it don't start as normal with autorun :(

you hav an idea of why?

0

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Try it now.

0

it didn't help :(

is there any place/program where i can see what file/program there is makeing the autorun error?

because it don't show up as a error i just don't show up at all.

0

Download the attached zip file and unzip enableautoruns.reg. Close all browser windows. Double click the file to run it and when asked if you want to merge with your registry, answer yes.
Reboot when done and check if the entries are gone.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.