
ComboFix log, am I infected?



 

ComboFix 08-06-10.3 - Joakim 2008-06-11 12:55:12.1 - NTFSx86

Running from: D:\DOCUME~1\Joakim\LOCALS~1\Temp\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\WINDOWS\system32\ss.exe

D:\WINDOWS\system32\tmp64.tmp

 

.

((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))

.

 

2008-06-10 15:24 . 2008-03-03 11:54 23,273 --a------ D:\WINDOWS\system32\Ludap17.ini

2008-06-10 15:24 . 2005-03-08 14:17 54 --a------ D:\WINDOWS\system32\ctzapxx.ini

2008-06-10 14:44 . 2008-06-10 14:45 <DIR> d-------- D:\Program Files\SystemRequirementsLab

2008-06-10 14:44 . 2008-06-10 14:44 <DIR> d-------- D:\Documents and Settings\Joakim\Application Data\SystemRequirementsLab

2008-06-07 14:39 . 2008-06-07 14:39 <DIR> d-------- D:\WINDOWS\nvidia icons

2008-06-06 14:57 . 2008-06-06 14:57 <DIR> d-------- D:\Program Files\Common Files\BioWare

2008-06-05 10:51 . 2008-06-05 10:51 <DIR> dr-h----- D:\$VAULT$.AVG

2008-06-03 02:56 . 2008-06-03 02:56 41,296 --a------ D:\WINDOWS\system32\xfcodec.dll

2008-05-26 17:55 . 2008-05-26 17:55 <DIR> d-------- D:\Documents and Settings\Joakim\Application Data\Ubisoft

2008-05-26 17:53 . 2007-10-12 15:14 3,734,536 --a------ D:\WINDOWS\system32\d3dx9_36.dll

2008-05-26 17:53 . 2007-10-12 15:14 1,374,232 --a------ D:\WINDOWS\system32\D3DCompiler_36.dll

2008-05-26 17:53 . 2007-10-02 09:56 444,776 --a------ D:\WINDOWS\system32\d3dx10_36.dll

2008-05-26 17:53 . 2007-10-22 03:39 267,272 --a------ D:\WINDOWS\system32\xactengine2_10.dll

2008-05-26 01:15 . 2008-05-26 01:15 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Last.fm

2008-05-15 12:12 . 2006-11-08 10:51 62,336 --------- D:\WINDOWS\system32\drivers\rspndr.sys

2008-05-15 12:12 . 2006-11-08 10:51 10,752 --------- D:\WINDOWS\system32\rspndr.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-11 10:58 155,117,600 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat

2008-06-11 10:58 --------- d-----w D:\Documents and Settings\Joakim\Application Data\mIRC

2008-06-11 10:52 --------- d-----w D:\Documents and Settings\Joakim\Application Data\GetRight

2008-06-11 10:17 --------- d-----w D:\Documents and Settings\Joakim\Application Data\AVG7

2008-06-11 00:10 1,822,052 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx

2008-06-10 13:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Creative

2008-06-10 13:24 --------- d--h--w D:\Program Files\InstallShield Installation Information

2008-06-10 13:24 --------- d-----w D:\Program Files\Creative

2008-06-10 13:23 413,696 ----a-w D:\WINDOWS\system32\wrap_oal.dll

2008-06-10 13:23 102,400 ----a-w D:\WINDOWS\system32\OpenAL32.dll

2008-06-10 11:54 --------- d-----w D:\Program Files\Xfire

2008-06-10 07:04 --------- d-----w D:\Documents and Settings\Joakim\Application Data\Xfire

2008-06-06 23:30 2,196,480 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp

2008-06-06 22:55 107,888 ----a-w D:\WINDOWS\system32\CmdLineExt.dll

2008-06-05 21:28 --------- d-----w D:\Documents and Settings\Joakim\Application Data\uTorrent

2008-06-05 21:11 --------- d-----w D:\Program Files\Mozilla Thunderbird

2008-05-31 00:31 --------- d-----w D:\Program Files\EVEMon

2008-05-31 00:31 --------- d-----w D:\Documents and Settings\Joakim\Application Data\EVEMon

2008-05-26 15:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\Ubisoft

2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:18 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll

2008-05-03 11:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\CCP

2008-04-30 15:27 442,368 ----a-w D:\WINDOWS\system32\NVUNINST.EXE

2008-04-21 07:04 659,456 ----a-w D:\WINDOWS\system32\wininet.dll

2008-04-14 11:01 272,128 ----a-w D:\WINDOWS\system32\drivers\bthport.sys

2008-04-10 22:55 4,417,287 ----a-w D:\WINDOWS\Internet Logs\tvDebug.zip

2008-03-27 08:12 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll

2008-03-19 09:47 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys

2008-03-18 15:02 22,833,304 ----a-w D:\WINDOWS\system32\AppSetup.exe

2008-03-13 21:11 75,248 ----a-w D:\WINDOWS\zllsputility.exe

2008-03-13 21:11 1,086,952 ----a-w D:\WINDOWS\system32\zpeng24.dll

2007-11-18 10:33 22,328 ----a-w D:\Documents and Settings\Joakim\Application Data\PnkBstrK.sys

2007-09-29 00:42 6,211,190 ----a-w D:\Documents and Settings\Joakim\Combined-Community-Codec-Pack-2007-07-22.exe

2007-09-28 20:51 2,010,624 ----a-w D:\Documents and Settings\Joakim\ventrilo-2.3.0-Windows-i386.exe

2007-09-28 20:17 1,164,456 ----a-w D:\Documents and Settings\Joakim\install_flash_player.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-12-02 11:00 15360]

"LogitechSoftwareUpdate"="W:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

"DAEMON Tools Pro Agent"="W:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [ ]

"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 11:27 73728 D:\WINDOWS\MIDIDEF.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-20 07:04 847872]

"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]

"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 D:\WINDOWS\system32\nwiz.exe]

"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]

"RivaTunerStartupDaemon"="W:\Program Files\RivaTuner v2.05\RivaTuner.exe" [2007-09-27 19:20 2633728]

"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]

"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-12-02 11:00 110592 D:\WINDOWS\system32\bthprops.cpl]

"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 12:01 579584]

"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

"LogitechVideoRepair"="W:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]

"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

"P17Helper"="SPIRun.dll" [2006-07-03 12:43 10752 D:\WINDOWS\system32\SPIRun.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-24 13:51 219136]

 

D:\Documents and Settings\Joakim\Start Menu\Programs\Startup\

Xfire.lnk - D:\Program Files\Xfire\xfire.exe [2008-06-03 02:56:46 3017040]

 

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\

GetRight.lnk - W:\Program Files\GetRight\GetRight.exe [2007-11-08 17:19:31 4527168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

W:\Program Files\Stardock\MyColors\fastload.dll 2007-08-13 19:11 24576 W:\Program Files\Stardock\MyColors\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=WIKI.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"VIDC.XFR1"= xfcodec.dll

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

W:\Program Files\DAEMON Tools Pro\DTProAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a------ 2005-06-08 15:14 217088 W:\Program Files\Logitech\Video\LogiTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 18:24 1694208 D:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-03-28 09:02 1271032 w:\program files\steam\steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]

--a------ 2006-10-12 22:27 304640 W:\Program Files\UltraMon\UltraMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"rpcapd"=3 (0x3)

"PnkBstrA"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Program Files\\uTorrent\\uTorrent.exe"=

"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"D:\\Program Files\\MSN Messenger\\livecall.exe"=

"W:\\Games\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"W:\\Games\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"D:\\WINDOWS\\system32\\PnkBstrA.exe"=

"D:\\WINDOWS\\system32\\PnkBstrB.exe"=

"W:\\Games\\Neverwinter Nights 2\\nwn2main.exe"=

"W:\\Games\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=

"W:\\Games\\Neverwinter Nights 2\\nwupdate.exe"=

"W:\\Games\\Neverwinter Nights 2\\nwn2server.exe"=

"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"W:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"W:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"W:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"W:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"W:\\Games\\Mass Effect\\MassEffectLauncher.exe"=

"W:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=

 

R2 UltraMonUtility;UltraMon Utility Driver;D:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 22:22]

R2 WMP54GRSVC;WMP54GRSVC;"D:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe" "WMP54GR.exe" []

R3 StreamSurge;StreamSurge Driver (miniport);D:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 13:48]

R3 UltraMonMirror;UltraMonMirror;D:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 22:23]

S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]

S3 s125bus;Sony Ericsson Device 125 driver (WDM);D:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]

S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]

S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012dcb8c-83c7-11dc-a906-0016b69bc786}]

\Shell\AutoRun\command - G:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61186cc2-6dae-11dc-ab4f-806d6172696f}]

\Shell\AutoRun\command - G:\autoplay.exe

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-11 12:58:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-11 12:59:44

ComboFix-quarantined-files.txt 2008-06-11 10:59:37

 

Pre-Run: 10,992,365,568 bytes free

Post-Run: 15,361,728,512 bytes free

 

185 --- E O F --- 2008-06-10 22:13:45

 

 

 

Thanks in advance for the help :)


At first glance there is nothing special to see in your log. Is there anything that suggests you are infected, or was this just a check?

 

We can do an extra round:

Download Malwarebytes Anti-Malware (MAM) to the desktop.

Run and install the program. Choose Norwegian as the language.

 

Let the program update itself, choose to run a 'quick system scan', and click Scan.

A message box will appear saying the scan is finished; click OK.

 

Click the 'Show results' button. If malware was found, you will now see what was found.

 

Then click the 'Remove selected' button to remove any malware that was found.

 

A log will then open in Notepad. You can copy and post it.

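The helper's verdict above comes from reading the "Reg Loading Points" section by eye. The script below is an added example (the editor's own, not part of the original thread or of ComboFix) that mechanises that review: it parses the value lines ComboFix prints under each registry key and flags the entries an analyst would want to look at, without deciding that any of them is malicious. The sample input is an excerpt of the log posted above; the rules and severity labels are assumptions chosen for illustration.

```python
"""Triage the persistence points listed in a ComboFix log.

Added example, not ComboFix's own code. Only two line shapes are parsed:
quoted registry values ("Name"=data) under a [key] header, and the
\\Shell\\AutoRun\\command lines ComboFix prints for MountPoints2 entries.
"""
import re

# Excerpt of the log posted in the thread above (sample input, not a new capture).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"DAEMON Tools Pro Agent"="W:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=WIKI.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{012dcb8c-83c7-11dc-a906-0016b69bc786}]
\Shell\AutoRun\command - G:\Autorun.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# Directories where autostart binaries are normally expected (assumption).
EXPECTED_DIRS = re.compile(r"\\(program files|windows)\\", re.IGNORECASE)


def parse_loading_points(text):
    """Yield (key, value_name, data) for each value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group(1), m.group(2)
        elif line.startswith("\\Shell\\AutoRun\\command - "):
            yield key, "AutoRun", line.split(" - ", 1)[1]


def triage(text):
    """Return [(level, message)] for entries worth a second look.

    'review' means verify the file or setting; 'info' is context only.
    """
    findings = []
    for key, name, data in parse_loading_points(text):
        data = data.strip()
        if name == "AppInit_DLLs" and data:
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(("review", f"AppInit_DLLs loads {data} into every GUI process; verify the file on disk"))
        elif name == "EnableFirewall" and data.startswith("0"):
            findings.append(("info", "Windows Firewall is disabled for the standard profile "
                                     "(expected when a third-party firewall such as ZoneAlarm is installed)"))
        elif name == "AutoRun":
            findings.append(("review", f"AutoRun command registered for a mounted volume: {data}"))
        elif "\\run" in key.lower():
            path = data.split('"')[1] if data.startswith('"') else data.split()[0]
            if data.endswith("[ ]"):
                # ComboFix printed no file metadata, which usually means the target is absent.
                findings.append(("review", f"Run entry {name!r} points to {path} but no file details were recorded; confirm it exists"))
            elif "\\" not in path:
                findings.append(("review", f"Run entry {name!r} is a bare filename ({path}) resolved through the search path"))
            elif not EXPECTED_DIRS.search(path):
                findings.append(("review", f"Run entry {name!r} runs from an unusual location: {path}"))
    return findings


if __name__ == "__main__":
    for level, message in triage(SAMPLE_LOG):
        print(f"[{level}] {message}")
```

Run against the excerpt it lists the AppInit_DLLs value, the DAEMON Tools Run entry with no file details, the disabled Windows Firewall (as information, since ZoneAlarm is registered with Security Center) and the G: AutoRun command; the NVIDIA entry under D:\WINDOWS passes silently. Every "review" item still needs a human to check the file, which is exactly what the helper did by hand.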

Thank you. No, I like to think I have been careful with strange links. But I think I have clicked on a couple of them out of pure curiosity, because I thought nothing could happen unless I clicked "yes".

When I read through the thread about this I suddenly became less sure, so I just wanted to be certain.

Looks like I'm "in the clear" though.

 

 

Malwarebytes' Anti-Malware 1.17

Database version: 849

 

02:09:50 12.06.2008

mbam-log-6-12-2008 (02-09-50).txt

 

Scan type: Quick Scan

Objects scanned: 37402

Time elapsed: 3 minute(s), 28 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

Just want to say again that I really appreciate you helping those of us who don't know as much about this. :love:
