Posted: 28 Aug 2010 19:43
- return void
- Anti Malware Fighter, Rank 1
- Joined: 02 Jan 2008
- Posts: 2167

Written: 28 Aug 2010 19:36
So, today while I was on MSN and was about to start Counter-Strike, which I had quit 2 minutes earlier, avast reported a virus and I couldn't start Counter-Strike... After that I downloaded Malwarebytes and scanned the whole computer... During the Malwarebytes scan, avast reported that the mbam.exe process was also a virus... This also happened to me a year or two ago, I don't remember exactly, and I solved the problem by reinstalling CS, but this time I haven't done that... By the way, I haven't had the computer checked in the Ambulanta (clinic) section for a long time, so here's the opportunity, if it's not a problem...
P.S. Let me know if I should post the Malwarebytes log...
DDS (Ver_10-03-17.01) - NTFSx86
Run by Miki at 19:34:10.85 on Sat 08/28/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1024.691 [GMT 2:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programi\avast\AvastSvc.exe
D:\Programi\avast\avastUI.exe
D:\programi\audio driveri\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Programi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
D:\Programi\Opera browser\opera.exe
C:\Documents and Settings\Miki\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.turkojan.com/
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\programi\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\programi\java\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] d:\programi\avast\avastUI.exe /nogui
mRun: [C-Media Echo Control] d:\programi\audio driveri\bin\EchoCtrl.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E4625E8B-4829-4F0C-9C45-E1F7273CC572} = 8.8.8.8,8.8.4.4
TCP: {FFA25F9E-D795-4643-AED2-24292D367649} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\miki\applic~1\mozilla\firefox\profiles\xxnxbymj.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\programi\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\programi\java\bin\new_plugin\npjp2.dll
FF - plugin: d:\programi\opera browser\program\plugins\npdsplay.dll
FF - plugin: d:\programi\opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programi\opera browser\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\programi\mozilla\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
d:\programi\mozilla\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programi\mozilla\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programi\mozilla\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programi\mozilla\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programi\mozilla\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programi\mozilla\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\programi\mozilla\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programi\mozilla\greprefs\all.js - pref("network.proxy.type", 5);
d:\programi\mozilla\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\programi\mozilla\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\programi\mozilla\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\programi\mozilla\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programi\mozilla\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programi\mozilla\greprefs\all.js - pref("accelerometer.enabled", true);
d:\programi\mozilla\greprefs\all.js - pref("html5.enable", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programi\mozilla\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programi\mozilla\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programi\mozilla\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programi\mozilla\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programi\mozilla\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-20 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-20 17744]
R2 avast! Antivirus;avast! Antivirus;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2010-3-20 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-15 136176]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2010-6-23 65600]
=============== Created Last 30 ================
2010-08-28 16:17:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 16:17:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 23:09:39 2143 ----a-w- c:\documents and settings\miki\.recently-used.xbel
2010-07-30 07:48:47 0 d-----w- c:\docume~1\miki\applic~1\avidemux
==================== Find3M ====================
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2001-11-23 12:08:20 712704 ----a-w- c:\windows\inf\other\audio3d.dll
============= FINISH: 19:34:51.84 ===============
Addendum: 28 Aug 2010 19:43
I'll post the GMER logs later.

Posted: 29 Aug 2010 13:06
- return void

Written: 28 Aug 2010 20:21
Here's the MBAM log; you'll most likely get the GMER logs tonight, because right now it won't let me attach a file to the post... I didn't manage to take a screenshot of the avast detection...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
8/28/2010 7:25:11 PM
mbam-log-2010-08-28 (19-25-11).txt
Scan type: Full scan (C:\|D:\
Objects scanned: 151247
Time elapsed: 1 hour(s), 5 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{d18bbd1f-82bb-4385-bed3-e9d31a3e361e} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9dc243a5-ee33-4674-8563-89b48e779eb1} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3d14cb9-183b-4bc8-8ce4-cba37a6fe8c6} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d4bbe4c0-bd72-4a33-817c-2e7e16de20bc} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\Hacker Kit 2009\Xbox Live Membership Adder.exe (Trojan.Downloader) -> Not selected for removal.
D:\Hacker Kit 2009\Account Locker V3.0 By Kadmiwe\KewlButtonz.ocx (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
D:\Hacker Kit 2009\Brutus\BrutusA2.exe (HackTool.Brutus) -> Not selected for removal.
D:\Hacker Kit 2009\CyberGate v1.05.1\NE OTVARAJ-server.exe (Worm.Rebhip) -> Not selected for removal.
D:\Hacker Kit 2009\SkuLogger\SkuLogger.exe (Spyware.Logger) -> Not selected for removal.
D:\Hacker Kit 2009\ff stealer\server.exe (Trojan.Downloader) -> Not selected for removal.
D:\Hacker Kit 2009\ff stealer\stub.exe (Trojan.Downloader) -> Not selected for removal.
D:\System Volume Information\_restore{A430EB07-3DE8-4C83-9A56-02FD863E79DD}\RP140\A0106271.exe (Worm.Rebhip) -> Quarantined and deleted successfully.
Addendum: 28 Aug 2010 20:22
P.S. This Hacker Kit 2009 and the items flagged as infected are my programs, so you don't have to count them as viruses...
Addendum: 29 Aug 2010 13:06
For some reason, in neither Mozilla nor Opera will it upload via the "Attach file" option, and it's not the first time, so I uploaded them to uppit, if that's not a problem...
http://uppit.com/l4kcbvlalawu/gmer1.log
http://uppit.com/d0ig3v4gfkmu/gmer2.log
http://uppit.com/t7h03087r8lb/gmer3.txt

Posted: 31 Aug 2010 12:59
- return void

Written: 29 Aug 2010 18:58
OK, thanks a lot.
Addendum: 31 Aug 2010 12:23
So as not to open a new topic... I'll write here...
Anyway, yesterday my brother plugged a flash drive into the computer and I think it was infected... Last night I didn't notice any signs of infection, but this morning when I turned the computer on I noticed that it runs very slowly, avast isn't working, at first Task Manager wouldn't open, when I open My Computer it shows nothing, the firewall got disabled, and when I get into Task Manager I see processes that weren't there before...
DDS (Ver_10-03-17.01) - NTFSx86
Run by Miki at 12:20:59.85 on Tue 08/31/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1024.724 [GMT 2:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\programi\audio driveri\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programi\avast\VisthAux.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Programi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programi\Opera browser\opera.exe
C:\Documents and Settings\Miki\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.turkojan.com/
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\programi\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\programi\java\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] d:\programi\avast\avastUI.exe /nogui
mRun: [C-Media Echo Control] d:\programi\audio driveri\bin\EchoCtrl.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E4625E8B-4829-4F0C-9C45-E1F7273CC572} = 8.8.8.8,8.8.4.4
TCP: {FFA25F9E-D795-4643-AED2-24292D367649} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\miki\applic~1\mozilla\firefox\profiles\xxnxbymj.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\programi\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\programi\java\bin\new_plugin\npjp2.dll
FF - plugin: d:\programi\opera browser\program\plugins\npdsplay.dll
FF - plugin: d:\programi\opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programi\opera browser\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\programi\mozilla\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
d:\programi\mozilla\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programi\mozilla\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programi\mozilla\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programi\mozilla\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programi\mozilla\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programi\mozilla\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\programi\mozilla\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programi\mozilla\greprefs\all.js - pref("network.proxy.type", 5);
d:\programi\mozilla\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\programi\mozilla\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\programi\mozilla\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\programi\mozilla\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programi\mozilla\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programi\mozilla\greprefs\all.js - pref("accelerometer.enabled", true);
d:\programi\mozilla\greprefs\all.js - pref("html5.enable", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programi\mozilla\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programi\mozilla\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programi\mozilla\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programi\mozilla\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programi\mozilla\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R?2 avast! Antivirus;avast! Antivirus;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-20 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-20 17744]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2010-3-20 30336]
S?2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-15 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
S3 avast! Web Scanner;avast! Web Scanner;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2010-6-23 65600]
=============== Created Last 30 ================
2010-08-29 19:54:23 4096 ----a-w- c:\windows\d3dx.dat
2010-08-28 16:17:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 16:17:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 23:09:39 2143 ----a-w- c:\documents and settings\miki\.recently-used.xbel
==================== Find3M ====================
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2001-11-23 12:08:20 712704 ----a-w- c:\windows\inf\other\audio3d.dll
============= FINISH: 12:21:41.45 ===============
http://uppit.com/r39jax3o5pes/Attach.txt
Addendum: 31 Aug 2010 12:59
http://uppit.com/ncdhhohi2p9t/gmer1.log
http://uppit.com/gnns1l9xfr2u/gmer2.log
http://uppit.com/oh8v8cer47rd/gmer3.txt

Posted: 31 Aug 2010 16:45
- 1l padr1n0
- Anti Malware Fighter, Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish

The logs are clean, which means your computer is clean.
Recommendation:
- Follow the "recommendation" from my previous post
- If you want to protect yourself (as far as that is possible) from malicious USB flash devices, I recommend installing the "home-grown" program MShield: http://amf.mycity.rs/programs/mc/mcshield/
goran9888 (AMF Team)

Posted: 31 Aug 2010 20:00
- return void

Written: 31 Aug 2010 19:51
It looks like the problem was avast... After posting these logs, when I turn the computer on and go to Task Manager, I see that some avast application pushes the CPU to 100%... At first I couldn't get into Safe Mode, but a little while ago I managed to, and I removed avast, so I'll see what I do next...
In any case, thanks a lot.
Addendum: 31 Aug 2010 20:00
Do you know why there was this situation with avast? This is simply the first time it has happened to me.