Ok it worked, I'll copy & paste the log:
ComboFix 09-12-08.03 - XP 2009-12-08 23:10:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.46.1053.18.512.225 [GMT 1:00]
Körs från: c:\program\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\XP\LOKALA~1\Temp\wscsvc32.exe
c:\documents and settings\XP\Application Data\iniasd.txt
c:\recycler\NPROTECT
c:\windows\system32\dataset.dll
c:\windows\system32\drivers\4ddca8de.sys
c:\windows\system32\drivers\H8SRTgqtjlhlijw.sys
c:\windows\system32\h8srtcfg.dat
c:\windows\system32\H8SRTkvjiktivkk.dll
c:\windows\system32\H8SRTpyyxwnlcop.dll
c:\windows\system32\H8SRTyjlfrmllyp.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\jjkmp.bak1
c:\windows\system32\jjkmp.bak2
c:\windows\system32\jjkmp.ini
c:\windows\system32\jjkmp.ini2
c:\windows\system32\jjkmp.tmp
c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
c:\windows\system32\P2P Networking\P2P Networking.eng
c:\windows\system32\pagefileconfig.vbs
c:\windows\system32\srcr.dat
c:\windows\system32\proquota.exe was missing
Återställd kopia från - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_h8srtd.sys
-------\Legacy_h8srtd.sys
-------\Legacy_NNSERV
-------\Service_NNServ
-------\Service_4ddca8de
(((((((((((((((((((((((( Filer Skapade från 2009-11-08 till 2009-12-08 ))))))))))))))))))))))))))))))
.
2009-12-08 21:44 . 2009-12-08 21:44 3842778 ----a-r- c:\program\Combo-Fix.exe
2009-12-08 21:43 . 2009-12-08 21:43 3842778 ----a-w- c:\program\ComboFix.exe
2009-12-08 21:35 . 2009-12-08 21:27 4844296 ----a-w- c:\program\mbam-setup.exe
2009-12-05 16:42 . 2006-02-13 08:29 262 ----a-w- c:\windows\system32\SNN_reg.bat
2009-12-05 16:42 . 2005-12-27 09:45 761856 ----a-w- c:\windows\system32\CDDBUI.dll
2009-12-05 16:42 . 2005-12-22 03:05 139264 ----a-w- c:\windows\system32\CddbMusicIDUISamsung.dll
2009-12-05 16:42 . 2006-01-24 10:50 225280 ----a-w- c:\windows\system32\SNN_Crypto.dll
2009-12-05 16:42 . 2005-12-27 09:45 770048 ----a-w- c:\windows\system32\CDDBUISamsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 643072 ----a-w- c:\windows\system32\CDDBControlSamsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 585728 ----a-w- c:\windows\system32\CddbMusicIDSamsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 577536 ----a-w- c:\windows\system32\CDDBControl.dll
2009-12-05 16:42 . 2005-12-27 09:45 487424 ----a-w- c:\windows\system32\CddbPlaylist2Samsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 249856 ----a-w- c:\windows\system32\CddbPlaylistSamsung.dll
2009-12-05 16:42 . 2005-12-27 09:45 147456 ----a-w- c:\windows\system32\CddbCleanSamsung.dll
2009-12-05 16:23 . 2009-12-05 16:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 21:50 . 2008-06-18 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-05 16:41 . 2004-03-03 21:33 -------- d--h--w- c:\program\InstallShield Installation Information
2009-12-02 13:30 . 2009-10-06 15:38 -------- d-----w- c:\documents and settings\XP\Application Data\Skype
2009-12-02 12:35 . 2009-10-06 16:01 -------- d-----w- c:\documents and settings\XP\Application Data\skypePM
2009-11-08 11:05 . 2009-02-22 15:38 -------- d-----w- c:\documents and settings\XP\Application Data\Winamp
2009-11-08 10:53 . 2004-03-07 17:26 -------- d-----w- c:\program\Winamp
2009-11-08 10:51 . 2009-11-08 10:51 10515744 ----a-w- c:\program\winamp556_full_emusic-7plus_sv-se.exe
2009-11-06 10:11 . 2009-11-26 13:03 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-28 19:56 . 2004-03-07 17:51 -------- d-----w- c:\program\Direct Connect
2009-10-27 16:08 . 2009-10-27 16:08 -------- d-----w- c:\documents and settings\XP\Application Data\Malwarebytes
2009-10-27 16:08 . 2009-10-27 14:07 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2009-10-27 14:12 . 2009-10-27 14:12 -------- d-----w- c:\program\Trend Micro
2009-10-27 14:12 . 2009-10-27 14:12 812344 ----a-w- c:\program\HJTInstall.exe
2009-03-05 20:30 . 2009-03-05 20:30 201384 ----a-w- c:\program\GoogleToolbarInstaller_download_signed.exe
2009-02-16 12:43 . 2009-02-16 12:43 9167136 ----a-w- c:\program\winamp5541_full_emusic-7plus_sv-se.exe
2009-01-18 15:48 . 2009-01-18 15:48 428258 ----a-w- c:\program\Hjsplit.exe
2008-12-25 13:37 . 2008-12-17 10:46 14591176 ----a-w- c:\program\DivXInstaller.exe
2008-12-09 17:02 . 2008-12-09 17:02 53682216 ----a-w- c:\program\avg_free_stf_en_8_176a1399.exe
2008-07-17 17:25 . 2008-07-17 16:59 48367896 ----a-w- c:\program\avg_free_stf_en_8_138a1332.exe
2007-02-11 18:25 . 2007-02-11 18:25 14993976 ----a-w- c:\program\GoogleEarthWin.exe
2007-01-26 20:08 . 2007-01-26 20:08 10431072 ----a-w- c:\program\mp71.exe
2007-01-19 13:19 . 2007-01-19 13:19 10537576 ----a-w- c:\program\zlsSetup_61_737_000_en.exe
2006-11-05 12:45 . 2006-11-05 12:45 5708152 ----a-w- c:\program\Firefox Setup 2.0.exe
2006-07-26 12:38 . 2005-04-01 11:26 331368 ----a-w- c:\program\setupEM4102.exe
2006-03-21 16:52 . 2006-03-21 16:52 2023624 ----a-w- c:\program\PPLiveSetup1.0.9.9.exe
2006-03-01 18:08 . 2006-03-01 18:08 641656 ----a-w- c:\program\GoogleToolbarInstaller.exe
2006-02-17 17:34 . 2006-02-17 17:34 3745834 ----a-w- c:\program\SweetImSetup.exe
2006-01-12 20:13 . 2006-01-12 20:13 1362977 ----a-w- c:\program\BitLord_1.01.exe
2006-01-12 19:41 . 2006-01-12 19:41 3009003 ----a-w- c:\program\ABC-win32-v2.6.9.exe
2005-11-22 17:30 . 2005-11-22 17:30 2064608 ----a-w- c:\program\2024PPLiveSetup1[1].0.9.7.exe
2005-11-11 19:57 . 2005-11-11 19:57 3782705 ----a-w- c:\program\wace26i.exe
2005-09-01 14:21 . 2005-03-08 14:12 2855080 ----a-w- c:\program\aawsepersonal.exe
2005-07-22 19:37 . 2005-07-22 19:37 3820789 ----a-w- c:\program\wace26i5.exe
2005-06-05 19:19 . 2005-06-05 19:19 9270888 ----a-w- c:\program\MPSetupXP.exe
2005-03-08 14:10 . 2005-03-08 14:10 6526608 ----a-w- c:\program\MicrosoftAntiSpywareInstall.exe
2005-03-05 12:52 . 2005-03-05 12:52 6224944 ----a-w- c:\program\zip.EXE
2005-03-05 12:47 . 2005-03-05 12:47 1935492 ----a-w- c:\program\usb2v252.zip
2005-03-05 12:47 . 2005-03-05 12:47 19373650 ----a-w- c:\program\WDM_3663.zip
2005-03-05 12:45 . 2005-03-05 12:45 1355959 ----a-w- c:\program\4in1_449.zip
2005-02-26 13:45 . 2005-02-26 13:45 12768256 ----a-w- c:\program\MediaPlayer10Setup.exe
2005-02-24 19:48 . 2005-02-24 19:48 504320 ----a-w- c:\program\daemon347.exe
2005-02-22 13:38 . 2005-02-22 13:38 81920 ----a-w- c:\program\daemon.exe
2004-11-18 19:43 . 2004-11-18 19:43 185 ----a-w- c:\program\crack.txt
2004-11-05 11:53 . 2004-11-05 11:53 314 ----a-w- c:\program\partner.xml
2004-11-05 11:53 . 2004-11-05 11:53 24 ----a-w- c:\program\partner.xml.sig
2004-10-20 22:57 . 2004-10-20 22:57 12297384 ----a-w- c:\program\QuickTimeFullInstaller.exe
2004-05-09 15:46 . 2004-05-09 15:44 18384248 ----a-w- c:\program\AdbeRdr60_sve_full.exe
2004-05-08 15:00 . 2004-05-08 15:00 4217352 ----a-w- c:\program\DivX511.exe
2004-05-07 11:16 . 2004-05-07 11:16 734160 ----a-w- c:\program\VobSub_2.23.exe
2004-03-07 16:51 . 2004-03-07 16:51 24265736 ----a-w- c:\program\dotnetfx.exe
2004-03-07 16:11 . 2004-03-07 16:11 4950472 ----a-w- c:\program\SetupDl.exe
1999-05-21 04:05 . 2007-11-07 16:55 2342400 ----a-w- c:\program\DATA1.MSI
1999-04-19 15:23 . 2007-11-07 16:55 165376 ----a-w- c:\program\MSOWC.MSI
1999-04-08 22:12 . 2007-11-07 16:55 262415 ----a-w- c:\program\INSTALL.EXE
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"OM2_Monitor"="c:\program\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-17 3022848]
"nwiz"="nwiz.exe" [2003-11-17 753664]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2006-09-01 282624]
"DAEMON Tools-1033"="c:\program\D-Tools\daemon.exe" [2004-08-22 81920]
"AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"NeroFilterCheck"="c:\program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Malwarebytes Anti-Malware (reboot)"="c:\program\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Symantec NetDriver Warning"="c:\program\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-26 110592]
Adobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 08:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Direct Connect\\DC++ Stealth v0.5.exe"=
"c:\\Program\\BitLord\\BitLord.exe"=
"c:\\Program\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7491:TCP"= 7491:TCP:ppLive
"3696:UDP"= 3696:UDP:ppLive
"8433:TCP"= 8433:TCP:ppLive
"5678:UDP"= 5678:UDP:ppLive
"4960:TCP"= 4960:TCP:ppLive
"8107:UDP"= 8107:UDP:ppLive
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2005-02-24 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2005-02-24 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-17 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-17 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\program\AVG\AVG8\avgemc.exe [2008-07-17 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2008-07-17 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-13 54752]
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;c:\program\Symantec\LiveUpdate\AluSchedulerSvc.exe [2006-09-27 100032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-03-11 102712]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
S3 apl531;35mm Film Scanner;c:\windows\system32\drivers\FilmScan.sys [2006-07-31 580992]
S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2005-08-18 40788]
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.expekt.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: cpalock.com\www
Trusted Zone: foreningssparbanken.se\ekort
Trusted Zone: tv4-anytime.se\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
HKCU-Run-cworld - c:\windows\cworld.exe
HKCU-Run-mzow - c:\program\COMMON~1\mzow\mzowm.exe
HKCU-Run-LightScribe Control Panel - c:\program\Delade filer\LightScribe\LightScribeControlPanel.exe
HKLM-Run-Media Pass - c:\program files\Media Pass\MediaPassK.exe
HKLM-Run-Vgvdzsy - c:\program files\Xrdhmye\Ykgppv.exe
HKLM-Run-StillMnt - WCamRmv.exe
HKU-Default-Run-Symantec Network Driver Update Warning - c:\program\Symantec\LIVEUP~1\SNDWarn.EXE
Notify-hggfefg - hggfefg.dll
Notify-hggfgfd - hggfgfd.dll
Notify-ljjihee - ljjihee.dll
SafeBoot-serfing.sys
AddRemove-35mm film scanner - c:\windows\FILMSCANuns.exe USB\Vid_05a9&PID_35E3 35mm Film Scanner
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN040A.EXE -fc:\program\Adobe\Photoshop 7.0\Uninst.isu -cc:\program\Adobe\Photoshop 7.0\Uninst.dll
AddRemove-Lame MP3 Codec (for the ACM) - c:\windows\IFinst26.exe -Uc:\program\Lame MP3 Codec\IFU23.inf
AddRemove-Media Gateway - c:\documents and settings\XP\Lokala inställningar\Temporary Internet Files\Content.IE5\KD63GPEN\MediaGateway[1].exe
AddRemove-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe
AddRemove-USB Super Link - c:\windows\ISUNINST.EXE -fc:\program\USB Super Link\Uninst.isu -cc:\windows\Setupdll.dll
AddRemove-XviD - c:\program\XviD\UninstXviD.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-08 23:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x820A8008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8579fc3
\Driver\ACPI -> ACPI.sys @ 0xf84c6cb8
\Driver\atapi -> 0x820a8008
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
ParseProcedure -> ntoskrnl.exe @ 0x8056f08e
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
- - - - - - - > 'explorer.exe'(1240)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\windows\System32\nvsvc32.exe
c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program\AVG\AVG8\avgrsx.exe
c:\program\Analog Devices\SoundMAX\SMAgent.exe
c:\program\AVG\AVG8\avgnsx.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\WgaTray.exe
c:\windows\VdCap03C\StillMnt.exe
c:\program\Delade filer\Ahead\Lib\NMIndexingService.exe
c:\program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Sluttid: 2009-12-08 23:32:48 - datorn startades om.
ComboFix-quarantined-files.txt 2009-12-08 22:32
Före genomsökningen: 37 582 434 304 byte ledigt
Efter genomsökningen: 37 582 761 984 byte ledigt
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - C3136A7608358219C663735DC1553B9E