
Slow computer, firefox crashes

  1. #1
    Junior Member, registered 08.11.2008, posts: 2, reputation weight: 34

    Slow computer, firefox crashes

    8.11.2008 16:38:07 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
    8.11.2008 16:38:07 System Restore: enabled
    8.11.2008 16:38:08 1.1 Searching for user-mode API hooks
    8.11.2008 16:38:08 Analysis: kernel32.dll, export table found in section .text
    8.11.2008 16:38:08 Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
    8.11.2008 16:38:08 Hook kernel32.dll:CreateProcessA (99) blocked
    8.11.2008 16:38:08 Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
    8.11.2008 16:38:08 Hook kernel32.dll:CreateProcessW (103) blocked
    8.11.2008 16:38:08 Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ABDE->61F041FC
    8.11.2008 16:38:08 Hook kernel32.dll:FreeLibrary (241) blocked
    8.11.2008 16:38:08 Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B4CF->61F040FB
    8.11.2008 16:38:08 Hook kernel32.dll:GetModuleFileNameA (372) blocked
    8.11.2008 16:38:08 Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B3D5->61F041A0
    8.11.2008 16:38:08 Hook kernel32.dll:GetModuleFileNameW (373) blocked
    8.11.2008 16:38:08 Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ADA0->61F04648
    8.11.2008 16:38:08 Hook kernel32.dll:GetProcAddress (408) blocked
    8.11.2008 16:38:08 Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
    8.11.2008 16:38:08 Hook kernel32.dll:LoadLibraryA (578) blocked
    8.11.2008 16:38:08 >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
    8.11.2008 16:38:08 Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
    8.11.2008 16:38:08 Hook kernel32.dll:LoadLibraryExA (579) blocked
    8.11.2008 16:38:08 >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
    8.11.2008 16:38:08 Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
    8.11.2008 16:38:08 Hook kernel32.dll:LoadLibraryExW (580) blocked
    8.11.2008 16:38:08 Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AE4B->61F03D0C
    8.11.2008 16:38:08 Hook kernel32.dll:LoadLibraryW (581) blocked
    8.11.2008 16:38:08 IAT modification detected: GetModuleFileNameW - 00C20010<>7C80B3D5
    8.11.2008 16:38:08 Analysis: ntdll.dll, export table found in section .text
    8.11.2008 16:38:08 Analysis: user32.dll, export table found in section .text
    8.11.2008 16:38:08 Analysis: advapi32.dll, export table found in section .text
    8.11.2008 16:38:08 Analysis: ws2_32.dll, export table found in section .text
    8.11.2008 16:38:09 Analysis: wininet.dll, export table found in section .text
    8.11.2008 16:38:09 Analysis: rasapi32.dll, export table found in section .text
    8.11.2008 16:38:09 Analysis: urlmon.dll, export table found in section .text
    8.11.2008 16:38:09 Analysis: netapi32.dll, export table found in section .text
    8.11.2008 16:38:09 1.2 Searching for kernel-mode API hooks
    8.11.2008 16:38:10 Driver loaded successfully
    8.11.2008 16:38:10 SDT found (RVA=083120)
    8.11.2008 16:38:10 Kernel ntoskrnl.exe found in memory at address 804D7000
    8.11.2008 16:38:10 SDT = 8055A120
    8.11.2008 16:38:10 KiST = 804E26A8 (284)
    8.11.2008 16:38:10 Function NtAlertResumeThread (0C) intercepted (8062F288->8519BC88), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtAlertThread (0D) intercepted (8057A8B8->8519BD68), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtAllocateVirtualMemory (11) intercepted (8056897D->851CFCB8), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtConnectPort (1F) intercepted (8058BC70->8522D198), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtCreateKey (29) intercepted (80570647->F5944EB0), hook C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtCreateMutant (2B) intercepted (805748CF->8519B9D8), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtCreateThread (35) intercepted (8057BE6A->851CFE10), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtDebugActiveProcess (39) intercepted (8065A585->8519B658), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtDeleteKey (3F) intercepted (805956DA->F5945130), hook C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtDeleteValueKey (41) intercepted (805940B0->F5945690), hook C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtEnumerateKey (47) intercepted (80570D4E->F7479A92), hook C:\WINDOWS\system32\Drivers\sptd.sys
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtEnumerateValueKey (49) intercepted (8057E296->F7479E20), hook C:\WINDOWS\system32\Drivers\sptd.sys
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtFreeVirtualMemory (53) intercepted (805692A8->851CFB18), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtImpersonateAnonymousToken (59) intercepted (805973FD->8519BAC8), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtImpersonateThread (5B) intercepted (8057E8B9->8519BBA8), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtMapViewOfSection (6C) intercepted (805781F1->851CFA38), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtOpenEvent (72) intercepted (8057EC53->8519B8F8), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtOpenKey (77) intercepted (805686DB->F7474090), hook C:\WINDOWS\system32\Drivers\sptd.sys
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtOpenProcessToken (7B) intercepted (8056C3FE->851CF058), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtOpenSection (7D) intercepted (805740EF->8519B738), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtOpenThreadToken (81) intercepted (8056BE9B->851CF810), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtQueryKey (A0) intercepted (80570A57->F7479EF8), hook C:\WINDOWS\system32\Drivers\sptd.sys
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtQueryValueKey (B1) intercepted (8056CCA6->F7479D78), hook C:\WINDOWS\system32\Drivers\sptd.sys
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtResumeThread (CE) intercepted (8057C4DD->851B7760), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:10 Function NtSetContextThread (D5) intercepted (8062D5E7->851CF750), hook not defined
    8.11.2008 16:38:10 >>> Function restored successfully !
    8.11.2008 16:38:10 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtSetInformationProcess (E4) intercepted (8056C10A->851CF8E0), hook not defined
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtSetInformationThread (E5) intercepted (8057218B->851CF680), hook not defined
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtSetValueKey (F7) intercepted (80579D5F->F59458E0), hook C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtSuspendProcess (FD) intercepted (8062F1CD->8519B818), hook not defined
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtSuspendThread (FE) intercepted (805E05D5->8519BEB0), hook not defined
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtTerminateProcess (101) intercepted (80584CB9->850FE1F8), hook not defined
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtTerminateThread (102) intercepted (8057B583->8519BF90), hook not defined
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtUnmapViewOfSection (10B) intercepted (80577D76->85190058), hook not defined
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:11 Function NtWriteVirtualMemory (115) intercepted (8057E6A2->851CFBE8), hook not defined
    8.11.2008 16:38:11 >>> Function restored successfully !
    8.11.2008 16:38:11 >>> Hook code blocked
    8.11.2008 16:38:12 Functions checked: 284, intercepted: 34, restored: 34
    8.11.2008 16:38:12 1.3 Checking IDT and SYSENTER
    8.11.2008 16:38:12 Analysis for CPU 1
    8.11.2008 16:38:12 Checking IDT and SYSENTER - complete
    8.11.2008 16:38:12 1.4 Searching for masking processes and drivers
    8.11.2008 16:38:12 Checking not performed: extended monitoring driver (AVZPM) is not installed
    8.11.2008 16:38:12 Driver loaded successfully
    8.11.2008 16:38:12 1.5 Checking of IRP handlers
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_CREATE] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_CLOSE] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_WRITE] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_SET_EA] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 857471E8 -> hook not defined
    8.11.2008 16:38:12 \FileSystem\ntfs[IRP_MJ_PNP] = 857471E8 -> hook not defined
    8.11.2008 16:38:13 Checking - complete
    8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: TermService (Päätepalvelut)
    8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: SSDPSRV (SSDP-palvelu (Simple Service Discovery Protocol))
    8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: Schedule (Tehtävien ajoitus)
    8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting etätyöpöydän jakaminen)
    8.11.2008 16:38:36 >> Services: potentially dangerous service allowed: RDSessMgr (Etätyöpöydän ohjeen istunnonhallinta)
    8.11.2008 16:38:36 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    8.11.2008 16:38:36 >> Security: disk drives' autorun is enabled
    8.11.2008 16:38:36 >> Security: administrative shares (C$, D$ ...) are enabled
    8.11.2008 16:38:36 >> Security: anonymous user access is enabled
    8.11.2008 16:38:37 >> Security: sending Remote Assistant queries is enabled
    8.11.2008 16:38:42 >> Disable HDD autorun
    8.11.2008 16:38:42 >> Disable autorun from network drives
    8.11.2008 16:38:42 >> Disable CD/DVD autorun
    8.11.2008 16:38:42 >> Disable removable media autorun
    8.11.2008 16:38:42 System Analysis in progress
    8.11.2008 16:40:15 System Analysis - complete
    8.11.2008 16:40:15 Delete file:C:\Documents and Settings\Kribe\Työpöytä\Kaspersky Lab Tool\is-LCN6J\LOG\avptool_syscheck.htm
    8.11.2008 16:40:15 Delete file:C:\Documents and Settings\Kribe\Työpöytä\Kaspersky Lab Tool\is-LCN6J\LOG\avptool_syscheck.xml
    8.11.2008 16:40:15 Deleting service/driver: uti5ota4
    8.11.2008 16:40:15 Delete file:C:\WINDOWS\system32\Drivers\uti5ota4.sys
    8.11.2008 16:40:15 Deleting service/driver: uji5ota4
    8.11.2008 16:40:15 Script executed without errors

  2. #2
    Senior Member RiC, registered 22.04.2005, posts: 1,988, reputation weight: 548
    8.11.2008 16:38:07 Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
    8.11.2008 16:38:07 System Restore: enabled
    8.11.2008 16:38:08 1.1 Searching for user-mode API hooks
    ...
    It's the wrong log file; you need to attach avptool_syscheck.zip to the message.

  3. #3
    Junior Member, registered 08.11.2008, posts: 2, reputation weight: 34
    Oh, sorry. Is this right?
    Attachments

  4. #4
    Senior Member RiC, registered 22.04.2005, posts: 1,988, reputation weight: 548
    I can't see anything suspicious in this log.
    Try deleting temp files with CCleaner, and check the hardware.
