raport z avenger
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
log z combofix
ComboFix 08-05-09.1 - Maciej 2008-05-13 9:46:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.60 [GMT 2:00]
Running from: D:\Programy\antywirusy\combofix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\amvo.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
2008-05-11 10:38 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-10 16:00 . 2004-08-04 01:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-05-10 16:00 . 2004-08-04 00:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-05-10 16:00 . 2004-08-04 01:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-05-10 16:00 . 2004-08-04 01:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-05-10 16:00 . 2001-08-18 00:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-05-10 16:00 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-05-10 16:00 . 2004-08-04 01:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-05-10 16:00 . 2004-08-04 00:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-05-10 16:00 . 2004-08-04 01:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-05-10 14:58 . 2008-05-10 14:59
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 07:48 --------- d-----w C:\Documents and Settings\Maciej\Dane aplikacji\Skype
2008-05-13 07:47 --------- d-----w C:\Documents and Settings\Maciej\Dane aplikacji\skypePM
2008-05-10 13:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-10 13:02 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-04-30 18:17 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-12 19:39 79224]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Avant Browser\avant.exe”=
“C:\Program Files\BitComet\BitComet.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“16222:TCP”= 16222:TCP:BitComet 16222 TCP
“16222:UDP”= 16222:UDP:BitComet 16222 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 19:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 19:38]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 09:48:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
C:\Documents and Settings\Maciej\Dane aplikacji\Skype\maciekemski\dyncontent\bundle.dat-journal 2576 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2008-05-13 9:49:18
ComboFix-quarantined-files.txt 2008-05-13 07:49:15
Pre-Run: 5,636,665,344 bajtów wolnych
Post-Run: 5,647,806,464 bajtów wolnych
71