Author Topic: SUSPICIOUS items in LOGS  (Read 1779 times)

agentstar (Newbie, Posts: 17)
SUSPICIOUS items in LOGS
« on: June 21, 2012, 11:54:41 AM »

Please have a look below.

These are the logs of the last packages generated (LOGS in the behaviour file).

I am worried about the MODIFY bit in my registry. Does that mean someone is hacking into my computer to do that?

Is all this OK?
Please advise.

* Started on: Thursday, June 14, 2012 4:06:16 PM
*

14/06/2012 21:15:27   Modification of: \REGISTRY\MACHINE\System\CurrentControlSet\Services\wuauserv\Type
    By:  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    Via: C:\WINDOWS\system32\services.exe
         -> Action allowed
14/06/2012 21:16:01   Modification of: \REGISTRY\USER\S-1-5-21-2052111302-1960408961-682003330-1003\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
    By:  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
    Via: C:\Program Files\Internet Explorer\IEXPLORE.EXE
         -> Action allowed
14/06/2012 21:16:52   Modification of: \Registry\Machine\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
    By:  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    Via: C:\WINDOWS\system32\regsvr32.exe
         -> Action allowed
14/06/2012 21:28:52   Modification of: \REGISTRY\USER\S-1-5-21-2052111302-1960408961-682003330-1003\Software\Microsoft\Internet Explorer\Main\FullScreen
    By:  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
    Via: C:\Program Files\Internet Explorer\IEXPLORE.EXE
         -> Action allowed
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, June 15, 2012 7:47:16 AM
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Friday, June 15, 2012 12:06:35 PM
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: 16 June 2012 07:52:11
*

16/06/2012 10:00:47   Modification of: \REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
    By:  C:\WINDOWS\Installer\MSI48.tmp
    Via: C:\WINDOWS\system32\MsiExec.exe
         -> Action allowed
*
* avast! Real-time Shield Scan Report
* This file is generated automatically

mikaelrask (Avast Evangelist, Super Poster, Posts: 1557)
Re: SUSPICIOUS items in LOGS
« Reply #1 on: June 21, 2012, 09:55:13 PM »
Hey, if you suspect something malware-related, please follow this guide and post the logs here. Then a malware guide will guide you from there.

http://forum.avast.com/index.php?topic=53253.0

Good luck and welcome to the forum.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM