Avast virus - WindrwNS.SYS

offline
  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

While booting, Avast shows the following pop-up message...


I tried deleting it... but it appears again... I also sent this threat to their team...

I'm attaching the log file...

DDS - File...

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by xp at 12:23:33,31 on ned 15.05.2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.880 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spy Emergency *Disabled/Updated* {82117492-906E-4b02-A33A-84D42A2DD907}
FW: Outpost Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
svchost.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\ACD Systems\ACDSee\10.0\ACDSee10.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\xp\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SkinClock] c:\program files\free desktop clock\DesktopClock.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall\feedback.exe" /dump:os_startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\xp\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\docume~1\xp\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\xp\applic~1\mozilla\firefox\profiles\0wkwddr0.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-26 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-30 301528]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-6-30 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2010-6-30 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-30 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-30 42184]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-6-30 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-6-30 257432]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-11 27064]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2010-1-20 391688]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-05-08 22:12:37 53248 ----a-w- c:\windows\system32\suppdll.dll
2011-05-03 02:27:33 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-05-03 02:27:33 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-03 02:27:33 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-03 02:27:33 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-05-03 02:27:33 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-05-03 02:27:32 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-05-03 01:07:18 8 ----a-w- c:\windows\system32\Mlkf.dll
2011-05-02 23:41:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-25 23:49:49 -------- d-----w- c:\program files\Wise PC Engineer
.
==================== Find3M ====================
.
2011-05-02 23:41:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-03 13:34:16 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-03-20 19:22:59 1409 ----a-w- c:\windows\system32\tmpFEDE1.FOT
2011-03-20 19:22:59 1409 ----a-w- c:\windows\system32\tmpE1EE1.FOT
2011-03-20 19:22:59 1409 ----a-w- c:\windows\system32\tmp1ADE1.FOT
2011-03-20 19:22:59 1409 ----a-w- c:\windows\system32\tmp0CDE1.FOT
2011-03-02 10:43:46 175616 ----a-w- c:\windows\system32\unrar.dll
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 12:26:09,37 ===============
DDS Attach file...

Gmer files...

RootRepeal...

Programs that start with Windows...

By the way, I use wireless internet...

Thanks for the help...

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hi... Do you use the program Folder Lock?

offline
  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

Yes...
For a year now...

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

bobo 75 :: Yes...
For a year now...


It's a false positive. Put that file on the ignore list and notify Avast by email that it is an FP.

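Before putting a flagged driver on an AV ignore list, it is worth confirming the file is what a forum answer says it is. The script below is an added example and is not code from this thread, from Avast or from Folder Lock: it records the SHA-256 of a file (to look it up with the vendor or a multi-scanner) and parses the PE headers to see whether the image carries an embedded Authenticode signature (the security data directory). The sample PE images it builds are constructed for the demonstration only, not copies of WindrwNS.SYS, and the function and constant names are the example's own.

```python
"""Triage a driver an AV product flags: hash it and check for an embedded signature.

Added example for the thread above, not the thread's or any vendor's code. A
non-empty security directory only means "a signature blob is present", not that
it verifies; for the real check use signtool verify /pa or PowerShell's
Get-AuthenticodeSignature, and compare the SHA-256 with what the vendor reports.
"""
import hashlib
import struct
import sys

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the certificate table directory


def inspect_pe(data: bytes) -> dict:
    """Return the SHA-256 and basic header facts for a PE image held in memory."""
    info = {"sha256": hashlib.sha256(data).hexdigest(), "is_pe": False,
            "has_authenticode": False, "machine": None, "timestamp": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    info.update(is_pe=True, machine=machine, timestamp=timestamp)
    opt = coff + 20
    if opt_size < 2 or opt + opt_size > len(data):
        return info
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        nrva_off, dir_off = 92, 96    # NumberOfRvaAndSizes / first data directory
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dir_off = 108, 112
    else:
        return info
    if opt_size < nrva_off + 4:
        return info
    (nrva,) = struct.unpack_from("<I", data, opt + nrva_off)
    entry = opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY and entry + 8 <= opt + opt_size:
        # Unlike other directories this one holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, entry)
        info["has_authenticode"] = sec_off != 0 and sec_size != 0 and sec_off + sec_size <= len(data)
    return info


def inspect_file(path: str) -> dict:
    """Convenience wrapper: run inspect_pe over a file on disk."""
    with open(path, "rb") as fh:
        return inspect_pe(fh.read())


def build_sample_pe(signed: bool, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE image for the demo (not a real driver, does not run)."""
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    nrva_off, dir_off = (108, 112) if pe32plus else (92, 96)
    opt_size = 240 if pe32plus else 224          # standard size with 16 directories
    machine = 0x8664 if pe32plus else 0x14C      # x64 vs i386
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 0, 0x4DD0C000, 0, 0, opt_size, 0x2)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, nrva_off, 16)
    sig_blob = b""
    if signed:
        sig_off = len(dos) + 4 + len(coff) + opt_size
        sig_blob = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8  # WIN_CERTIFICATE stub
        struct.pack_into("<II", opt, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, sig_off, len(sig_blob))
    return dos + b"PE\0\0" + coff + bytes(opt) + sig_blob


if __name__ == "__main__":
    report = inspect_file(sys.argv[1]) if len(sys.argv) > 1 else inspect_pe(build_sample_pe(signed=True))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it as `python triage_pe.py C:\path\to\WindrwNS.SYS` on the machine in question; with no argument it inspects a constructed signed sample. A driver with no signature blob at all, or a hash the vendor does not recognise, is a reason to keep the detection rather than add an exclusion.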
offline
  • Joined: 14 Sep 2008
  • Posts: 424
  • Location: Podgorica

OK, thanks Diarno
Best regards!!!
