Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: agentstar on June 21, 2012, 11:54:41 AM

Title: SUSPICIOUS items in LOGS
Post by: agentstar on June 21, 2012, 11:54:41 AM

please have a look at below

these are the logs of last packages generated LOGS in behaviour file

i am worried about the MODIFY bit in my registry. does that mean some one is hacking into my computer to do that?

is all this ok
please advise
 









* Started on: Thursday, June 14, 2012 4:06:16 PM
*

14/06/2012 21:15:27   Modification of: \REGISTRY\MACHINE\System\CurrentControlSet\Services\wuauserv\Type
    By:  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    Via: C:\WINDOWS\system32\services.exe
         -> Action allowed
14/06/2012 21:16:01   Modification of: \REGISTRY\USER\S-1-5-21-2052111302-1960408961-682003330-1003\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
    By:  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
    Via: C:\Program Files\Internet Explorer\IEXPLORE.EXE
         -> Action allowed
14/06/2012 21:16:52   Modification of: \Registry\Machine\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
    By:  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    Via: C:\WINDOWS\system32\regsvr32.exe
         -> Action allowed
14/06/2012 21:28:52   Modification of: \REGISTRY\USER\S-1-5-21-2052111302-1960408961-682003330-1003\Software\Microsoft\Internet Explorer\Main\FullScreen
    By:  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
    Via: C:\Program Files\Internet Explorer\IEXPLORE.EXE
         -> Action allowed
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, June 15, 2012 7:47:16 AM
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, June 15, 2012 12:06:35 PM
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: 16 June 2012 07:52:11
*

16/06/2012 10:00:47   Modification of: \REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
    By:  C:\WINDOWS\Installer\MSI48.tmp
    Via: C:\WINDOWS\system32\MsiExec.exe
         -> Action allowed
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
Title: Re: SUSPICIOUS items in LOGS
Post by: mikaelrask on June 21, 2012, 09:55:13 PM
hey if you suspect something malware related please fallow this guide and post the logs here. then a malware guide will guide from there.

http://forum.avast.com/index.php?topic=53253.0

good luck and welcome to the forum.