Lame ;p so I'll try my luck again.
By the way, I got a picture of the devil on the 5th attempt, see the attached files.
It is apparently called "Zuuukev". Edit: damnit, it says: "Error message: Images must not exceed a width of 1024 pixels by 768 pixels", what can I do?
ComboFix 10-03-13.03 - Nyfpac 14-03-2010 13:25:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.2045.1342 [GMT 1:00]
Kører fra: c:\users\Nyfpac\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Filer skabt fra 2010-02-14 til 2010-03-14 )))))))))))))))))))))))))))))))))))
.
2010-03-14 12:39 . 2010-03-14 12:39 -------- d-----w- c:\users\Nyfpac\AppData\Local\temp
2010-03-14 12:39 . 2010-03-14 12:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 12:39 . 2010-03-14 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-13 10:55 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-12 17:28 . 2010-03-12 17:31 -------- d-----w- c:\programdata\Microsoft Help
2010-03-12 17:24 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 17:23 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 17:23 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-03 19:03 . 2010-03-03 19:03 -------- d-----w- c:\program files\Audacity
2010-02-28 17:20 . 2010-02-28 17:20 -------- d-----w- c:\users\Nyfpac\AppData\Roaming\com.guppyworks.TrafficTestAIR-Class.F1F6615D691280F0EDF23ED8129A4EBEED86EA96.1
2010-02-28 17:19 . 2010-02-28 19:55 38784 ----a-w- c:\users\Nyfpac\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-28 14:31 . 2010-02-28 14:31 -------- d-----w- c:\program files\Trafikteori
2010-02-28 14:31 . 2010-02-28 19:55 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-28 14:31 . 2010-02-28 19:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-24 14:17 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 14:17 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:17 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:17 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:17 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:17 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:17 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:17 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:16 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:16 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 14:16 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 14:16 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 14:16 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 15:32 . 2010-02-23 15:32 104516 ---ha-w- c:\windows\system32\mlfcache.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 12:20 . 2007-04-29 17:03 2140 ----a-w- c:\windows\bthservsdp.dat
2010-03-14 12:17 . 2006-11-21 04:49 77202 ----a-w- c:\windows\system32\perfc006.dat
2010-03-14 12:17 . 2006-11-21 04:49 463344 ----a-w- c:\windows\system32\perfh006.dat
2010-03-14 11:34 . 2007-05-08 08:47 49272 ----a-w- c:\users\Nyfpac\AppData\Roaming\nvModes.dat
2010-03-12 18:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-01 19:29 . 2008-01-15 17:55 -------- d-----w- c:\program files\Gyldendal
2010-02-25 14:38 . 2007-04-29 10:58 78128 ----a-w- c:\users\Nyfpac\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-02 16:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 16:41 . 2007-02-04 07:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-23 16:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-02-22 13:50 . 2008-11-24 14:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-21 23:04 . 2007-10-26 12:22 -------- d-----w- c:\users\Nyfpac\AppData\Roaming\uTorrent
2010-02-09 21:33 . 2010-02-09 21:33 -------- d-----w- c:\programdata\HP
2010-02-09 18:21 . 2008-04-04 17:59 -------- d-----w- c:\program files\Red Kawa
2010-02-09 18:18 . 2010-02-09 18:17 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-07 17:51 . 2007-09-03 12:49 -------- d-----w- c:\users\Nyfpac\AppData\Roaming\Apple Computer
2010-02-07 17:51 . 2007-09-03 12:46 -------- d-----w- c:\programdata\Apple
2010-02-05 13:51 . 2010-02-05 13:50 -------- d-----w- c:\program files\iTunes
2010-02-05 13:50 . 2010-02-05 13:50 -------- d-----w- c:\program files\iPod
2010-02-05 13:50 . 2007-09-03 12:46 -------- d-----w- c:\program files\Common Files\Apple
2010-02-05 13:44 . 2010-02-05 13:44 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-02 14:04 . 2010-02-02 14:03 -------- d-----w- c:\program files\Safari
2010-02-02 12:59 . 2010-02-02 12:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-02 12:59 . 2010-02-02 12:59 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-01-27 15:59 . 2009-12-30 12:41 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-01-27 15:02 . 2010-01-27 15:02 -------- d-----w- c:\users\Nyfpac\AppData\Roaming\DAEMON Tools Pro
2010-01-24 12:40 . 2010-01-24 12:40 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-24 12:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-24 12:39 . 2010-01-24 12:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-01-24 12:38 . 2010-01-24 12:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-24 12:11 . 2008-08-03 10:17 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-24 12:08 . 2008-08-02 18:45 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-22 18:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-22 18:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-22 18:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-22 18:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-22 18:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-22 18:17 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-22 17:35 . 2010-01-16 14:04 -------- d-----w- c:\users\Nyfpac\AppData\Roaming\Dropbox
2010-01-22 16:19 . 2008-11-03 20:00 -------- d-----w- c:\program files\Polob32
2010-01-06 15:38 . 2010-02-24 14:16 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 14:16 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 14:16 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 14:16 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 15:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 15:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 15:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-23 16:58 . 2007-12-16 20:20 7484 ----a-w- c:\users\Nyfpac\AppData\Local\d3d9caps.dat
2009-12-19 14:17 . 2009-12-19 14:17 396552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2008-04-05 19:38 . 2008-04-02 21:25 72 --sh--w- c:\windows\S9D4B6166.tmp
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-22 2012912]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-10-11 94208]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
c:\users\Nyfpac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 09:25 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):27,70,37,5c,90,9b,ca,01
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-06 721904]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-22 12872]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2009-08-28 40448]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-22 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-02-22 66632]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Yderligere scanning -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
Trusted Zone: nordea.dk\www.netbank
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 13:39
Windows 6.0.6002 Service Pack 2 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\S-1-5-21-3759844419-2013506861-175560018-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7ADCD7E2-DD7C-3462-8968-B2D139ED101D}*]
"haembhhhkapcanjk"=hex:6a,61,6a,6b,64,6c,65,62,68,70,66,69,70,62,65,62,65,6a,
62,62,00,31
"iakmljommmeepliplk"=hex:63,61,6e,6b,6b,63,00,7f
"iaoldegomdmbeagnmj"=hex:6a,61,6a,6b,64,6c,65,62,68,70,66,69,70,62,65,62,65,6a,
62,62,00,31
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2010-03-14 13:43:42
ComboFix-quarantined-files.txt 2010-03-14 12:43
Pre-Kørsel: 99.780.927.488 byte ledig
Post-Kørsel: 99.760.267.264 byte ledig
- - End Of File - - 5BC0B943F8DC776D1783F5B8017A6A68