Here is the post from ComboFix and I would be happy if you can help me.
/Mia
ComboFix 10-01-12.02 - meal 2010-01-12 23:25:08.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.495.136 [GMT 1:00]
Körs från: c:\documents and settings\meal\Skrivbord\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\BM2a3d27dc.txt
c:\windows\cookies.ini
c:\windows\pskt.ini
c:\windows\system32\Cache
c:\windows\system32\fccbASLc.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTmikyxuijxt.dat
c:\windows\system32\H8SRTtbbmqppfao.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\pagefileconfig.vbs
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys
(((((((((((((((((((((((( Filer Skapade från 2009-12-12 till 2010-01-12 ))))))))))))))))))))))))))))))
.
2010-01-12 21:42 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-12 21:42 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-12 21:42 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-12 21:42 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-12 21:42 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-12 21:42 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-01-12 21:41 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-12 21:41 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-12 21:41 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-12 21:41 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-12 21:40 . 2010-01-12 21:40 -------- d-----w- c:\program\Delade filer\PC Tools
2010-01-12 21:40 . 2010-01-12 21:40 -------- d-----w- c:\program\Spyware Doctor
2010-01-12 21:40 . 2010-01-12 21:40 -------- d-----w- c:\documents and settings\meal\Application Data\PC Tools
2010-01-12 21:40 . 2010-01-12 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-12 21:39 . 2010-01-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-09 20:40 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-09 20:40 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-09 20:37 . 2003-04-24 11:00 28160 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-22 10:51 . 2009-12-22 10:51 -------- d-----w- C:\Voddler
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 06:09 . 1979-12-31 23:00 498702 ----a-w- c:\windows\system32\perfh01D.dat
2010-01-12 06:09 . 1979-12-31 23:00 104592 ----a-w- c:\windows\system32\perfc01D.dat
2010-01-09 21:54 . 2009-07-24 17:04 921632 ----a-w- C:\PA7311.DAT
2009-10-29 07:46 . 2006-06-23 12:30 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 08:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 1979-12-31 23:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2004-08-04 08:33 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-04 08:33 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program\DNA\btdna.exe" [2009-11-07 323392]
"DAEMON Tools Lite"="c:\program\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-06-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-06-23 114688]
"SoundMan"="SOUNDMAN.EXE" [2003-06-20 55296]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 88267]
"Apoint"="c:\program\Apoint2K\Apoint.exe" [2003-06-23 147456]
"LManager"="c:\program\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 155648]
"PWRISOVM.EXE"="c:\program\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program\Winamp\winampa.exe" [2008-03-27 36352]
"SunJavaUpdateSched"="c:\program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\meal\Start-meny\Program\Autostart\
BitTorrent.lnk - c:\program\BitTorrent\bittorrent.exe [2008-2-11 654128]
c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.exe.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-2 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program\\Opera\\Opera.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-01-12 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-10-25 716272]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-12 112592]
R2 ekrn;ESET Service;c:\program\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 CB102;LevelOne 10/100Mbps 32bit iPort PC Card;c:\windows\system32\drivers\cb102.sys [2001-09-14 42752]
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program\Spyware Doctor\pctsAuxs.exe [2010-01-12 359624]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://thepiratebay.org/
IE: E&xport to Microsoft Excel - c:\program\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Comp ... eQuery.dll
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
BHO-{55415FD9-41DA-4019-B319-A95EE608A0DE} - c:\windows\system32\khfCvUoN.dll
BHO-{83ccca3f-5133-4433-afa1-b340592a49a5} - c:\windows\system32\tvpqxirv.dll
HKLM-Run-BM2a3d27dc - c:\windows\system32\ujakdaaq.dll
Notify-fccbASLc - fccbASLc.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 23:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys spjk.sys >>UNKNOWN [0x85792938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75fcf28
\Driver\ACPI -> ACPI.sys @ 0xf743acb8
\Driver\atapi -> atapi.sys @ 0xf7391b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/Wireless LAN 2100 3B Mini PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72ecbb0
PacketIndicateHandler -> NDIS.sys @ 0xf72dba0d
SendHandler -> NDIS.sys @ 0xf72efb40
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
- - - - - - - > 'explorer.exe'(2760)
c:\program\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\System32\PAStiSvc.exe
c:\program\Apoint2K\Apntex.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Sluttid: 2010-01-12 23:43:29 - datorn startades om.
ComboFix-quarantined-files.txt 2010-01-12 22:43
Före genomsökningen: 591 593 472 byte ledigt
Efter genomsökningen: 4 851 990 528 byte ledigt
- - End Of File - - 65EA5CF77C4F8BB984B7B3910DFE088C