Strange detection - avast


  • Joined: 02 Jan 2008
  • Posts: 2167

Posted: 28 Aug 2010 19:36

So, today while I was on MSN and was about to go into Counter-Strike, which I had exited 2 minutes earlier, avast reported a virus and I could not start Counter-Strike... After that I downloaded Malwarebytes and scanned the whole computer... During the Malwarebytes scan, avast reported that the mbam.exe process was also a virus... This happened to me a year or 2 ago as well, I don't remember exactly, and I solved the problem by reinstalling CS, but this time I did not do that... By the way, I haven't had the computer checked in the Ambulanta for a long time, so here is the opportunity, if it's not a problem...

P.S. Tell me if I should post the Malwarebytes log...



DDS (Ver_10-03-17.01) - NTFSx86
Run by Miki at 19:34:10.85 on Sat 08/28/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1024.691 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programi\avast\AvastSvc.exe
D:\Programi\avast\avastUI.exe
D:\programi\audio driveri\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Programi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
D:\Programi\Opera browser\opera.exe
C:\Documents and Settings\Miki\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.turkojan.com/
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\programi\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\programi\java\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] d:\programi\avast\avastUI.exe /nogui
mRun: [C-Media Echo Control] d:\programi\audio driveri\bin\EchoCtrl.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E4625E8B-4829-4F0C-9C45-E1F7273CC572} = 8.8.8.8,8.8.4.4
TCP: {FFA25F9E-D795-4643-AED2-24292D367649} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\miki\applic~1\mozilla\firefox\profiles\xxnxbymj.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\programi\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\programi\java\bin\new_plugin\npjp2.dll
FF - plugin: d:\programi\opera browser\program\plugins\npdsplay.dll
FF - plugin: d:\programi\opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programi\opera browser\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\programi\mozilla\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\programi\mozilla\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programi\mozilla\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programi\mozilla\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programi\mozilla\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programi\mozilla\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programi\mozilla\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\programi\mozilla\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programi\mozilla\greprefs\all.js - pref("network.proxy.type", 5);
d:\programi\mozilla\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\programi\mozilla\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\programi\mozilla\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\programi\mozilla\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programi\mozilla\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programi\mozilla\greprefs\all.js - pref("accelerometer.enabled", true);
d:\programi\mozilla\greprefs\all.js - pref("html5.enable", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programi\mozilla\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programi\mozilla\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programi\mozilla\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programi\mozilla\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programi\mozilla\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-20 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-20 17744]
R2 avast! Antivirus;avast! Antivirus;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2010-3-20 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-15 136176]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2010-6-23 65600]

=============== Created Last 30 ================

2010-08-28 16:17:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 16:17:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 23:09:39 2143 ----a-w- c:\documents and settings\miki\.recently-used.xbel
2010-07-30 07:48:47 0 d-----w- c:\docume~1\miki\applic~1\avidemux

==================== Find3M ====================

2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2001-11-23 12:08:20 712704 ----a-w- c:\windows\inf\other\audio3d.dll

============= FINISH: 19:34:51.84 ===============


Addendum: 28 Aug 2010 19:43

I will post the GMER logs later.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello and welcome to the MyCity forum's Ambulanta.




Carefully follow the instructions for opening a topic at the following link:
-> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Pay particular attention to Step #1 and Step #3.
In other words, post a screenshot of the Avast detection, the Malwarebytes' Anti-Malware log and the GMER/RootRepeal logs.

goran9888 (AMF Team)

  • Joined: 02 Jan 2008
  • Posts: 2167

Posted: 28 Aug 2010 20:21

Here is the mbam log, and you will most likely get the GMER logs tonight, because right now it won't attach the file to the message... I did not manage to capture a screenshot of the avast detection...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/28/2010 7:25:11 PM
mbam-log-2010-08-28 (19-25-11).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 151247
Time elapsed: 1 hour(s), 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{d18bbd1f-82bb-4385-bed3-e9d31a3e361e} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9dc243a5-ee33-4674-8563-89b48e779eb1} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3d14cb9-183b-4bc8-8ce4-cba37a6fe8c6} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d4bbe4c0-bd72-4a33-817c-2e7e16de20bc} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Hacker Kit 2009\Xbox Live Membership Adder.exe (Trojan.Downloader) -> Not selected for removal.
D:\Hacker Kit 2009\Account Locker V3.0 By Kadmiwe\KewlButtonz.ocx (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
D:\Hacker Kit 2009\Brutus\BrutusA2.exe (HackTool.Brutus) -> Not selected for removal.
D:\Hacker Kit 2009\CyberGate v1.05.1\NE OTVARAJ-server.exe (Worm.Rebhip) -> Not selected for removal.
D:\Hacker Kit 2009\SkuLogger\SkuLogger.exe (Spyware.Logger) -> Not selected for removal.
D:\Hacker Kit 2009\ff stealer\server.exe (Trojan.Downloader) -> Not selected for removal.
D:\Hacker Kit 2009\ff stealer\stub.exe (Trojan.Downloader) -> Not selected for removal.
D:\System Volume Information\_restore{A430EB07-3DE8-4C83-9A56-02FD863E79DD}\RP140\A0106271.exe (Worm.Rebhip) -> Quarantined and deleted successfully.

Addendum: 28 Aug 2010 20:22

P.S. This Hacker Kit 2009 and the things that are infected are my programs, so you don't have to count those as viruses...

Addendum: 29 Aug 2010 13:06

For some reason neither Mozilla nor Opera will upload via the "Attach file" option, and this is not the first time, so I posted them on uppit, if that's not a problem...

http://uppit.com/l4kcbvlalawu/gmer1.log

http://uppit.com/d0ig3v4gfkmu/gmer2.log

http://uppit.com/t7h03087r8lb/gmer3.txt

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

- Open Avast by double-clicking the icon
- Click Show Report file (in the bottom right corner) as in the picture -> PICTURE
- Attach the log that opens using the Attach file option in your next message

goran9888 (AMF Team)

  • Joined: 02 Jan 2008
  • Posts: 2167


Strange... Now it works... I think it just won't upload those .log files...

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

The logs you provided show no signs of malware, which means your computer is clean.

You need to turn System Restore off and then back on.
Instructions on how to do that: http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html


The problem you had with Counter Strike most likely arose because you are using some cracked/patched version. Buy the original and you will not have problems.
If you wish, however, Avast lets you create an "exception", i.e. set it not to scan certain files/folders. That would solve the problem with Counter Strike.
You need to follow the instructions in the picture and add the folder where CS is installed to Exclusions in the File System Shield. After this procedure that folder will no longer be scanned by Avast.


-------------------------------------------------------------------------------

Recommendation:

- I recommend that you install Service Pack 3. I won't go into its advantages over SP2. You can find that information on the net. In any case, MS has ended support for Service Pack 2, which is installed on your computer, and that is one more problem.


---------------------------------------------------------------------------------

Request:

- I would ask that in future, if you use "hacker tools" (e.g. Hacker Kit 2009), you do not open topics in the Ambulanta. We all know what those "programs" are for, so we will not spend time on users' carelessness.

Regards,
goran9888 (AMF Team)

  • Joined: 02 Jan 2008
  • Posts: 2167

Posted: 29 Aug 2010 18:58

OK, thanks a lot :)

Addendum: 31 Aug 2010 12:23

So as not to open a new topic... I'll write here....

Anyway, yesterday my brother plugged a flash drive into the computer and I think it was infected... Last night I didn't notice signs of infection, but this morning when I turned on the computer I noticed it running very slowly, avast is not working, at first Task Manager would not open, when I go into My Computer it shows nothing, the firewall got disabled, and when I go into Task Manager I notice processes that did not exist before...



DDS (Ver_10-03-17.01) - NTFSx86
Run by Miki at 12:20:59.85 on Tue 08/31/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1024.724 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\programi\audio driveri\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programi\avast\VisthAux.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Programi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programi\Opera browser\opera.exe
C:\Documents and Settings\Miki\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.turkojan.com/
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\programi\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\programi\java\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] d:\programi\avast\avastUI.exe /nogui
mRun: [C-Media Echo Control] d:\programi\audio driveri\bin\EchoCtrl.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E4625E8B-4829-4F0C-9C45-E1F7273CC572} = 8.8.8.8,8.8.4.4
TCP: {FFA25F9E-D795-4643-AED2-24292D367649} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\miki\applic~1\mozilla\firefox\profiles\xxnxbymj.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\programi\java\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\programi\java\bin\new_plugin\npjp2.dll
FF - plugin: d:\programi\opera browser\program\plugins\npdsplay.dll
FF - plugin: d:\programi\opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programi\opera browser\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\programi\mozilla\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\programi\mozilla\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programi\mozilla\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programi\mozilla\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programi\mozilla\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programi\mozilla\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programi\mozilla\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\programi\mozilla\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\programi\mozilla\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programi\mozilla\greprefs\all.js - pref("network.proxy.type", 5);
d:\programi\mozilla\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\programi\mozilla\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\programi\mozilla\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\programi\mozilla\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programi\mozilla\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programi\mozilla\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programi\mozilla\greprefs\all.js - pref("accelerometer.enabled", true);
d:\programi\mozilla\greprefs\all.js - pref("html5.enable", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programi\mozilla\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programi\mozilla\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programi\mozilla\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programi\mozilla\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programi\mozilla\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programi\mozilla\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programi\mozilla\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\programi\mozilla\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programi\mozilla\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R?2 avast! Antivirus;avast! Antivirus;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-20 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-20 17744]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2010-3-20 30336]
S?2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-15 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
S3 avast! Web Scanner;avast! Web Scanner;d:\programi\avast\AvastSvc.exe [2010-3-20 40384]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2010-6-23 65600]

=============== Created Last 30 ================

2010-08-29 19:54:23 4096 ----a-w- c:\windows\d3dx.dat
2010-08-28 16:17:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 16:17:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 23:09:39 2143 ----a-w- c:\documents and settings\miki\.recently-used.xbel

==================== Find3M ====================

2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2001-11-23 12:08:20 712704 ----a-w- c:\windows\inf\other\audio3d.dll

============= FINISH: 12:21:41.45 ===============

http://uppit.com/r39jax3o5pes/Attach.txt

Addendum: 31 Aug 2010 12:59

http://uppit.com/ncdhhohi2p9t/gmer1.log

http://uppit.com/gnns1l9xfr2u/gmer2.log

http://uppit.com/oh8v8cer47rd/gmer3.txt

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

The logs are clean, which means your computer is clean.


Recommendation:

- Follow the "recommendation" from my previous post
- If you want to protect yourself (as far as that is possible) from malicious USB flash devices, I recommend installing the "home-grown" program MCShield: http://amf.mycity.rs/programs/mc/mcshield/

goran9888 (AMF Team)

  • Joined: 02 Jan 2008
  • Posts: 2167

Posted: 31 Aug 2010 19:51

It looks like the problem was avast... After posting these logs, when I turn on the computer and go to Task Manager, I see some avast application driving the CPU to 100%... At first I could not get into Safe Mode, but a little while ago I managed to, and I deleted avast, so I'll see what I do next...

In any case, thanks a lot :)

Addendum: 31 Aug 2010 20:00

Do you know why this situation with avast occurred? This simply happened to me for the first time.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I saw from the logs that you have problems with Avast.
Why exactly the problem arose, I do not know.

With this post of mine we conclude the discussion in this topic. If you do want to discuss your problem with Avast, open a topic in the appropriate subforum.





Regards,
goran9888 (AMF Team)


Thank you for trusting the AMF Team. Cheers
