Показано с 1 по 2 из 2.

all programs causing errors

  1. #1
    Junior Member Репутация
    Регистрация
    23.10.2009
    Сообщений
    1
    Вес репутации
    30

    all programs causing errors

    everytime i try to run any program (exe) file it causes either a "Program has detected a problem and will close...Send/Donґt Send" or "error at adress ########..."
    when i ran Kaspersky Virus Removal Tool it detected only one virus(Trojan): Trojan-PSW.Win32.Kates.j in the File: c:\docume~1\admini~1\config~1\lwq.dat.
    I have attached the AVZ_CollectSysInfo result file: syscheck.txt.
    Thanks.

    -------------------------------------------

    <AVZ_CollectSysInfo>
    --------------------
    Start time: 23/10/2009 08:50:38 am
    Duration: 00:08:00
    Finish time: 23/10/2009 08:58:38 am

    <AVZ_CollectSysInfo>
    --------------------
    Time Event
    ---- -----
    23/10/2009 08:50:50 am Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
    23/10/2009 08:50:50 am System Restore: enabled
    23/10/2009 08:50:50 am System booted in Safe Mode with Networking
    23/10/2009 08:51:02 am 1.1 Searching for user-mode API hooks
    23/10/2009 08:51:02 am Analysis: kernel32.dll, export table found in section .text
    23/10/2009 08:51:02 am Function kernel32.dll:CreateProcessA (99) intercepted, method ProcAddressHijack.GetProcAddress ->7C802367->61F03F42
    23/10/2009 08:51:02 am Hook kernel32.dll:CreateProcessA (99) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:CreateProcessW (103) intercepted, method ProcAddressHijack.GetProcAddress ->7C802332->61F04040
    23/10/2009 08:51:02 am Hook kernel32.dll:CreateProcessW (103) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:FreeLibrary (241) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AA66->61F041FC
    23/10/2009 08:51:02 am Hook kernel32.dll:FreeLibrary (241) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:GetModuleFileNameA (372) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B357->61F040FB
    23/10/2009 08:51:02 am Hook kernel32.dll:GetModuleFileNameA (372) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:GetModuleFileNameW (373) intercepted, method ProcAddressHijack.GetProcAddress ->7C80B25D->61F041A0
    23/10/2009 08:51:02 am Hook kernel32.dll:GetModuleFileNameW (373) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:GetProcAddress (408) intercepted, method ProcAddressHijack.GetProcAddress ->7C80AC28->61F04648
    23/10/2009 08:51:02 am Hook kernel32.dll:GetProcAddress (408) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryA (578) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D77->61F03C6F
    23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryA (578) blocked
    23/10/2009 08:51:02 am >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
    23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryExA (579) intercepted, method ProcAddressHijack.GetProcAddress ->7C801D4F->61F03DAF
    23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryExA (579) blocked
    23/10/2009 08:51:02 am >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
    23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryExW (580) intercepted, method ProcAddressHijack.GetProcAddress ->7C801AF1->61F03E5A
    23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryExW (580) blocked
    23/10/2009 08:51:02 am Function kernel32.dll:LoadLibraryW (581) intercepted, method ProcAddressHijack.GetProcAddress ->7C80ACD3->61F03D0C
    23/10/2009 08:51:02 am Hook kernel32.dll:LoadLibraryW (581) blocked
    23/10/2009 08:51:03 am IAT modification detected: LoadLibraryW - 00E30010<>7C80ACD3
    23/10/2009 08:51:03 am Analysis: ntdll.dll, export table found in section .text
    23/10/2009 08:51:03 am Analysis: user32.dll, export table found in section .text
    23/10/2009 08:51:03 am Analysis: advapi32.dll, export table found in section .text
    23/10/2009 08:51:04 am Analysis: ws2_32.dll, export table found in section .text
    23/10/2009 08:51:04 am Analysis: wininet.dll, export table found in section .text
    23/10/2009 08:51:05 am Analysis: rasapi32.dll, export table found in section .text
    23/10/2009 08:51:05 am Analysis: urlmon.dll, export table found in section .text
    23/10/2009 08:51:06 am Analysis: netapi32.dll, export table found in section .text
    23/10/2009 08:51:08 am 1.2 Searching for kernel-mode API hooks
    23/10/2009 08:51:09 am Driver loaded successfully
    23/10/2009 08:51:09 am Driver communication failure [00000002] - [1]
    23/10/2009 08:51:11 am 1.4 Searching for masking processes and drivers
    23/10/2009 08:51:11 am Checking not performed: extended monitoring driver (AVZPM) is not installed
    23/10/2009 08:51:11 am Driver loaded successfully
    23/10/2009 08:51:11 am Driver communication failure [00000002] - [1]
    23/10/2009 08:53:05 am >>> C:\ARCHIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
    23/10/2009 08:53:05 am >>> C:\ARCHIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit
    23/10/2009 08:53:09 am Latent loading of libraries through AppInit_DLLs suspected: "winmm.dll"
    23/10/2009 08:53:14 am >>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: TermService (Servicios de Terminal Server)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: SSDPSRV (Servicio de descubrimientos SSDP)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: Schedule (Programador de tareas)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: mnmsrvc (Escritorio remoto compartido de NetMeeting)
    23/10/2009 08:53:16 am >> Services: potentially dangerous service allowed: RDSessMgr (Administrador de sesiуn de Ayuda de escritorio remoto)
    23/10/2009 08:53:16 am > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    23/10/2009 08:53:16 am >> Security: disk drives' autorun is enabled
    23/10/2009 08:53:16 am >> Security: administrative shares (C$, D$ ...) are enabled
    23/10/2009 08:53:17 am >> Security: anonymous user access is enabled
    23/10/2009 08:53:18 am >> Security: sending Remote Assistant queries is enabled
    23/10/2009 08:53:48 am >> Disable HDD autorun
    23/10/2009 08:53:49 am >> Disable autorun from network drives
    23/10/2009 08:53:49 am >> Disable CD/DVD autorun
    23/10/2009 08:53:50 am >> Disable removable media autorun
    23/10/2009 08:53:50 am >> Windows Update is disabled
    23/10/2009 08:53:51 am System Analysis in progress
    23/10/2009 08:58:38 am System Analysis - complete
    23/10/2009 08:58:38 am Delete file:C:\Archivos de programa\Virus Removal Tool\is-CNLUT\LOG\avptool_syscheck.htm
    23/10/2009 08:58:38 am Delete file:C:\Archivos de programa\Virus Removal Tool\is-CNLUT\LOG\avptool_syscheck.xml
    23/10/2009 08:58:38 am Deleting service/driver: utmxntu1
    23/10/2009 08:58:38 am Delete file:C:\WINDOWS\system32\Drivers\utmxntu1.sys
    23/10/2009 08:58:38 am Deleting service/driver: ujmxntu1
    23/10/2009 08:58:38 am Script executed without errors

    --------------------------------------------
    Вложения Вложения

  2. #2
    VIP Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для Aleksandra
    Регистрация
    13.01.2007
    Сообщений
    7,703
    Вес репутации
    2833
    Сердце решает кого любить... Судьба решает с кем быть...

Похожие темы

  1. virus causing file folders missing, regedit and task manager disabled
    От ramirez_44 в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 22.07.2010, 10:55
  2. PML Driver Errors
    От meshanya2007 в разделе Помогите!
    Ответов: 4
    Последнее сообщение: 22.02.2009, 01:53
  3. hi, beagle is causing me hell (srosa, hldrrr, mdelk)
    От istola в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 05.12.2008, 10:13
  4. hi, beagle is causing me hell (srosa, hldrrr, mdelk)
    От istola в разделе Помогите!
    Ответов: 0
    Последнее сообщение: 05.12.2008, 08:32
  5. new trojan errors
    От jjoshlin в разделе Microsoft Windows
    Ответов: 0
    Последнее сообщение: 25.07.2008, 22:18

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.00988 seconds with 17 queries