all programs causing errors

  1. #1
    Junior Member
    Registered: 23.10.2009
    Posts: 1
    Reputation weight: 26

    all programs causing errors

    Every time I try to run any program (exe) file it causes either a "Program has detected a problem and will close...Send/Don't Send" or "error at address ########..."
    When I ran Kaspersky Virus Removal Tool it detected only one virus (Trojan): Trojan-PSW.Win32.Kates.j in the File: c:\docume~1\admini~1\config~1\lwq.dat.
    I have attached the AVZ_CollectSysInfo result file: syscheck.txt.
    Thanks.

    -------------------------------------------

    <AVZ_CollectSysInfo>
    --------------------
    Start time: 23/10/2009 08:50:38 am
    Duration: 00:08:00
    Finish time: 23/10/2009 08:58:38 am

    <AVZ_CollectSysInfo>
    --------------------
    Time Event
    ---- -----
    23/10/2009 08:50:50 am Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
    23/10/2009 08:50:50 am System Restore: enabled
    23/10/2009 08:50:50 am System booted in Safe Mode with Networking
    23/10/2009 08:51:02 am 1.1 Searching for user-mode API hooks
    23/10/2009 08:51:02 am Analysis: kernel32.dll, export table found in section .text
    23/10/2009 08:51:02 am Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
    23/10/2009 08:51:02 am Hook kernel32.dll:CreateProcessA (99) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
    23/10/2009 08:51:02 am Hook kernel32.dll:CreateProcessW (103) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AA66->61F041FC
    23/10/2009 08:51:02 am Hook kernel32.dll:FreeLibrary (241) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B357->61F040FB
    23/10/2009 08:51:02 am Hook kernel32.dll:GetModuleFileNameA (372) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B25D->61F041A0
    23/10/2009 08:51:02 am Hook kernel32.dll:GetModuleFileNameW (373) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC28->61F04648
    23/10/2009 08:51:02 am Hook kernel32.dll:GetProcAddress (408) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
    23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryA (578) blocked
    23/10/2009 08:51:02 am >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
    23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
    23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryExA (579) blocked
    23/10/2009 08:51:02 am >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
    23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
    23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryExW (580) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ACD3->61F03D0C
    23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryW (581) blocked
    23/10/2009 08:51:03 am IAT modification detected: LoadLibraryW - 00E30010<>7C80ACD3
    23/10/2009 08:51:03 am Analysis: ntdll.dll, export table found in section .text
    23/10/2009 08:51:03 am Analysis: user32.dll, export table found in section .text
    23/10/2009 08:51:03 am Analysis: advapi32.dll, export table found in section .text
    23/10/2009 08:51:04 am Analysis: ws2_32.dll, export table found in section .text
    23/10/2009 08:51:04 am Analysis: wininet.dll, export table found in section .text
    23/10/2009 08:51:05 am Analysis: rasapi32.dll, export table found in section .text
    23/10/2009 08:51:05 am Analysis: urlmon.dll, export table found in section .text
    23/10/2009 08:51:06 am Analysis: netapi32.dll, export table found in section .text
    23/10/2009 08:51:08 am 1.2 Searching for kernel-mode API hooks
    23/10/2009 08:51:09 am Driver loaded successfully
    23/10/2009 08:51:09 am Driver communication failure [00000002] - [1]
    23/10/2009 08:51:11 am 1.4 Searching for masking processes and drivers
    23/10/2009 08:51:11 am Checking not performed: extended monitoring driver (AVZPM) is not installed
    23/10/2009 08:51:11 am Driver loaded successfully
    23/10/2009 08:51:11 am Driver communication failure [00000002] - [1]
    23/10/2009 08:53:05 am >>> C:\ARCHIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
    23/10/2009 08:53:05 am >>> C:\ARCHIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
    23/10/2009 08:53:09 am Latent loading of libraries through AppInit_DLLs suspected: "winmm.dll"
    23/10/2009 08:53:14 am >>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: TermService (Servicios de Terminal Server)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: SSDPSRV (Servicio de descubrimientos SSDP)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: Schedule (Programador de tareas)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: mnmsrvc (Escritorio remoto compartido de NetMeeting)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: RDSessMgr (Administrador de sesión de Ayuda de escritorio remoto)
    23/10/2009 08:53:16 am > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    23/10/2009 08:53:16 am >> Security: disk drives' autorun is enabled
    23/10/2009 08:53:16 am >> Security: administrative shares (C$, D$ ...) are enabled
    23/10/2009 08:53:17 am >> Security: anonymous user access is enabled
    23/10/2009 08:53:18 am >> Security: sending Remote Assistant queries is enabled
    23/10/2009 08:53:48 am >> Disable HDD autorun
    23/10/2009 08:53:49 am >> Disable autorun from network drives
    23/10/2009 08:53:49 am >> Disable CD/DVD autorun
    23/10/2009 08:53:50 am >> Disable removable media autorun
    23/10/2009 08:53:50 am >> Windows Update is disabled
    23/10/2009 08:53:51 am System Analysis in progress
    23/10/2009 08:58:38 am System Analysis - complete
    23/10/2009 08:58:38 am Delete file:C:\Archivos de programa\Virus Removal Tool\is-CNLUT\LOG\avptool_syscheck.htm
    23/10/2009 08:58:38 am Delete file:C:\Archivos de programa\Virus Removal Tool\is-CNLUT\LOG\avptool_syscheck.xml
    23/10/2009 08:58:38 am Deleting service/driver: utmxntu1
    23/10/2009 08:58:38 am Delete file:C:\WINDOWS\system32\Drivers\utmxntu1.sys
    23/10/2009 08:58:38 am Deleting service/driver: ujmxntu1
    23/10/2009 08:58:38 am Script executed without errors

    --------------------------------------------

  2. #2
    VIP Aleksandra
    Registered: 13.01.2007
    Posts: 7,662
    Reputation weight: 2817
    Our service, like a heart, never knows rest.
