Virus help for a dummy.
I had written a long question which I then accidentally gave myself the points for, stupid as I was. http://www.eksperten.dk/spm/838281
Briefly: I think I have a virus, the computer is messing up.
Avast, which I am very tired of, is very slow and is still the only program that reports anything, namely:
C:\System Volume Information\_restore{71A87626-3C7F-4A67-ABE4-0002C0A8A69E}\RP505\A0084704.msi\Icon.Icon.exe
Win32:Adware-gen [Adw]
C:\System Volume Information\_restore{71A87626-3C7F-4A67-ABE4-0002C0A8A69E}\RP506\A0084712.msi\Icon.Icon.exe
Win32:Adware-gen [Adw]
I can't even find these folders on the computer.
cc removed a lot of things. After 4 runs it found nothing more that it could fix.
SuperAnti found nothing this time, not even any cookies.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/14/2008 at 08:36 PM
Application Version : 4.0.1152
Core Rules Database Version : 3503
Trace Rules Database Version: 1494
Scan type : Complete Scan
Total Scan Time : 00:35:05
Memory items scanned : 220
Memory threats detected : 0
Registry items scanned : 7625
Registry threats detected : 0
File items scanned : 29711
File threats detected : 0
HijackThis now says:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:15, on 14-07-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?AuthParam=1212179716_b9dd2d887d91145a83f63dab1dca57f0&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab&File=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 7209 bytes
ComboFix says:
ComboFix 08-07-13.14 - xxx 2008-07-14 22:13:31.2 - NTFSx86
Running from: C:\Users\xxx\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-14 22:03 . 2008-07-14 22:04 143,272,252 --a------ C:\Windows\MEMORY.DMP
2008-07-14 19:42 . 2008-07-14 19:42 <DIR> d-------- C:\Program Files\CCleaner
2008-07-14 18:43 . 2008-07-14 18:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-14 09:56 . 2008-07-14 09:56 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-14 09:56 . 2008-07-14 09:56 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-07-14 09:54 . 2008-07-14 09:54 <DIR> d-------- C:\Users\xxx\AppData\Roaming\SUPERAntiSpyware.com
2008-07-14 09:54 . 2008-07-14 09:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-13 21:21 . 2008-07-14 09:21 0 --ah----- C:\Users\Default.LOG2
2008-07-13 21:21 . 2008-07-14 09:21 0 --ah----- C:\Users\Default.LOG1
2008-07-13 21:21 . 2008-07-13 21:21 0 --ah----- C:\ProgramData.LOG2
2008-07-13 21:21 . 2008-07-13 21:21 0 --ah----- C:\ProgramData.LOG1
2008-07-13 20:53 . 2008-07-13 21:36 164 --a------ C:\install.dat
2008-07-12 23:37 . 2008-07-12 23:37 <DIR> d-------- C:\Users\xxx\AppData\Roaming\TrojanHunter
2008-07-12 23:35 . 2008-07-13 21:20 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-07-12 21:27 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 21:27 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-12 21:27 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-11 00:57 . 2008-07-11 01:01 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-11 00:57 . 2008-07-11 01:01 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-10 21:52 . 2008-07-10 21:52 <DIR> d-------- C:\unisecur
2008-07-09 08:05 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 08:05 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 08:05 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-09 08:05 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-09 08:05 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-09 08:05 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-09 08:05 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-09 08:04 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-09 08:04 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-09 08:04 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-09 08:04 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-09 08:04 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-09 08:04 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-09 08:04 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-01 15:23 . 2008-07-01 15:23 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-01 10:53 . 2008-07-01 10:53 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-07-01 10:53 . 2008-07-01 10:53 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-06-30 19:49 . 2008-07-10 19:25 <DIR> d-------- C:\Users\xxx\AppData\Roaming\Ahead
2008-06-30 19:48 . 2008-06-30 19:48 <DIR> d-------- C:\Users\All Users\Ahead
2008-06-30 19:48 . 2008-06-30 19:48 <DIR> d-------- C:\ProgramData\Ahead
2008-06-30 19:41 . 2008-06-30 19:42 <DIR> d-------- C:\Users\All Users\Nero
2008-06-30 19:41 . 2008-06-30 19:42 <DIR> d-------- C:\ProgramData\Nero
2008-06-30 19:41 . 2008-06-30 19:41 <DIR> d-------- C:\Program Files\Nero
2008-06-30 19:41 . 2008-06-30 19:46 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-26 18:05 . 2008-06-26 18:05 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-25 23:54 . 2008-06-25 23:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-24 21:12 . 2008-06-24 21:12 <DIR> d-------- C:\Users\All Users\Avg7
2008-06-24 21:12 . 2008-06-24 21:12 <DIR> d-------- C:\ProgramData\Avg7
2008-06-24 21:06 . 2008-06-24 21:06 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-24 21:06 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-23 18:33 . 2008-06-23 18:33 <DIR> d--hs---- C:\Windows\ftpcache
2008-06-23 07:24 . 2008-06-23 07:24 <DIR> d-------- C:\PerfLogs
2008-06-22 17:41 . 2008-06-22 17:41 <DIR> d-------- C:\Users\All Users\GRAW2
2008-06-22 17:41 . 2008-06-22 17:41 <DIR> d-------- C:\ProgramData\GRAW2
2008-06-22 17:31 . 2008-06-22 17:31 <DIR> d-------- C:\Windows\System32\AGEIA
2008-06-22 17:31 . 2008-06-22 17:32 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-22 17:28 . 2008-07-14 09:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 17:27 . 2008-06-22 17:27 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-06-22 17:27 . 2008-06-22 17:27 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-06-22 17:15 . 2008-06-22 17:15 <DIR> d-------- C:\Program Files\UBISOFT
2008-06-22 17:12 . 2008-06-22 17:12 <DIR> d-------- C:\Users\xxx\AppData\Roaming\InstallShield
2008-06-18 09:03 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-06-18 09:03 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-06-18 09:01 . 2008-01-19 05:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-06-18 08:59 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-06-18 08:58 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-18 08:57 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-06-18 08:56 . 2008-01-19 09:33 2,515,968 --a------ C:\Windows\System32\accessibilitycpl.dll
2008-06-18 08:55 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-06-18 08:54 . 2008-01-19 09:32 1,370,624 --a------ C:\Windows\System32\Aurora.scr
2008-06-18 08:53 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-06-18 08:52 . 2008-01-19 08:53 130,048 --a------ C:\Windows\System32\drivers\drmk.sys
2008-06-18 08:51 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-18 08:50 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-06-18 08:50 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-06-18 08:50 . 2008-01-05 13:32 120,458 --a------ C:\Windows\System32\secpol.msc
2008-06-18 08:50 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-06-18 08:47 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-18 08:46 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-18 08:46 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-18 08:45 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-18 08:45 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-18 08:42 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-18 08:42 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-18 08:42 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-18 08:42 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-06-16 12:50 . 2007-04-12 15:00 1,060,864 --a------ C:\Windows\System32\mfc71.dll
2008-06-16 12:50 . 2004-08-30 14:25 438,272 --a------ C:\Windows\System32\vp6vfw.dll
2008-06-16 12:50 . 2004-12-10 10:06 327,680 --a------ C:\Windows\System32\vp6dec.ax
2008-06-16 12:50 . 2007-04-12 15:01 118,832 --a------ C:\Windows\System32\SHW32.DLL
2008-06-16 12:36 . 2008-06-16 12:36 <DIR> d-------- C:\Program Files\EA Sports
2008-06-16 12:34 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-06-16 12:34 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-06-16 12:34 . 2007-01-24 15:27 255,848 --a------ C:\Windows\System32\xactengine2_6.dll
2008-06-16 12:34 . 2006-12-08 12:02 251,672 --a------ C:\Windows\System32\xactengine2_5.dll
2008-06-16 12:34 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-06-16 12:34 . 2006-09-28 16:04 68,888 --a------ C:\Windows\System32\xinput1_3.dll
2008-06-16 12:34 . 2007-01-08 15:30 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-06-16 12:33 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-06-16 12:33 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll
2008-06-16 12:33 . 2006-07-28 09:30 62,744 --a------ C:\Windows\System32\xinput1_2.dll
2008-06-16 12:32 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 23:15 --------- d-----w C:\Program Files\Common Files\Real
2008-07-12 23:14 --------- d-----w C:\Program Files\InterVideo
2008-07-12 19:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-12 18:45 --------- d---a-w C:\ProgramData\TEMP
2008-07-09 16:22 --------- d-----w C:\Program Files\Windows Mail
2008-06-23 16:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 05:43 174 --sha-w C:\Program Files\desktop.ini
2008-06-23 05:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-23 05:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-23 05:30 --------- d-----w C:\Program Files\Windows Journal
2008-06-23 05:30 --------- d-----w C:\Program Files\Windows Defender
2008-06-23 05:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-23 05:30 --------- d-----w C:\Program Files\Windows Calendar
2008-06-15 17:43 --------- d-----w C:\Program Files\PokerStars
2008-06-15 17:40 --------- d-----w C:\Program Files\Nye programmer
2008-05-30 20:45 --------- d-----w C:\Program Files\Java
2008-05-30 20:37 --------- d-----w C:\Program Files\Common Files\Java
2008-05-30 10:16 --------- d-----w C:\Program Files\iTunes
2008-05-30 10:15 --------- d-----w C:\ProgramData\Apple Computer
2008-05-30 10:15 --------- d-----w C:\Program Files\iPod
2008-05-30 10:12 --------- d-----w C:\Program Files\Bonjour
2008-05-29 13:06 --------- d-----w C:\Program Files\Apex
2008-05-29 11:32 --------- d-----w C:\Program Files\QuickTime
2008-05-19 15:56 --------- d-----w C:\Program Files\Sports Interactive
2008-04-24 15:14 233,472 ----a-w C:\Users\xxx\AppData\Roaming\REX Shared Library.dll
2008-04-24 15:14 225,280 ----a-w C:\Users\xxx\AppData\Roaming\Rewire.dll
.
----a-w 471,040 2003-12-22 11:11:14 C:\Programmer\Sonic Foundry\Shared Plug-Ins\(Samples for Fruity Loops) YAMAHA SY-35 .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-26 17:35 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"avast!"="C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 17:28 598016 C:\Windows\SOUNDMAN.EXE]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-07 18:17:26 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{603B5021-6BA9-495C-AD51-E8ACFBAD31FA}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{40BA00B2-7B2C-4ECE-8D86-29210E8B5444}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{7D5D8D38-549F-4751-83A7-31F38D1AAFB6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5DF30055-E53A-4E6B-9F48-86E3DB360E74}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{FF2685BD-BDBF-496D-B42D-5B34AD4819FB}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{ED2A61C6-7A2D-4BF1-99EA-AADAC3A1BFD4}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{369E8FA6-57C1-422B-8725-F1B98DD89610}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{84805841-524E-4E00-9B79-6F8086D36574}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0D28EB4B-E57F-4D00-8D73-8110FEE9C15B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4AB389A6-F1C1-48F3-893D-E4B658F59C92}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{ADBFE10E-E4C4-4DBC-B22C-BF911C8578CE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{21E4F27E-600F-459A-8229-9EF41FC50490}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DFE9C877-237D-4475-9D48-8F726409D7BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E338F3D0-4C34-4E46-87AF-4146E96CEFF2}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A62AAC9E-055C-441D-96EA-0EE9249A7DAF}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{7B5D65B8-B239-4EEB-B6DD-1C2DC4FDB39C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BE6ABE0D-8940-4B48-9464-8E03F28DA74B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9DAAD777-039B-410D-8F05-D4C83ADA4D87}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BD836499-4647-4B00-BB56-39B65E8AE411}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9059f3-04b4-11dd-98cb-0015f22b56ab}]
\shell\AutoRun\command - J:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaefe30d-fe2e-11dc-afb9-0015f22b56ab}]
\shell\AutoRun\command - I:\wd_windows_tools\setup.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 22:22:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-14 22:25:48
ComboFix-quarantined-files.txt 2008-07-14 20:25:28
Pre-Run: 139,960,258,560 byte ledig
Post-Run: 141,126,995,968 byte ledig
218 --- E O F --- 2008-07-12 19:36:15
