Я методом научного втыка определил, что скрипты рубает Ad Muncher!
Логи будут по позже!
Цитата Pili:
|
По поводу DSS - спасибо, убрал из правил. »
|
Чем могу!
Файл NPE2Host.dll получен 2008.09.19 09:14:14 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2008.9.19.0 2008.09.19 -
AntiVir 7.8.1.34 2008.09.18 -
Authentium 5.1.0.4 2008.09.19 -
Avast 4.8.1195.0 2008.09.18 -
AVG 8.0.0.161 2008.09.18 -
BitDefender 7.2 2008.09.19 -
CAT-QuickHeal 9.50 2008.09.19 -
ClamAV 0.93.1 2008.09.19 -
DrWeb 4.44.0.09170 2008.09.19 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6091 2008.09.16 -
Ewido 4.0 2008.09.18 -
F-Prot 4.4.4.56 2008.09.19 -
F-Secure 8.0.14332.0 2008.09.19 -
Fortinet 3.113.0.0 2008.09.19 -
GData 19 2008.09.19 -
Ikarus T3.1.1.34.0 2008.09.19 -
K7AntiVirus 7.10.461 2008.09.18 -
Kaspersky 7.0.0.125 2008.09.19 -
McAfee 5387 2008.09.18 -
Microsoft 1.3903 2008.09.19 -
NOD32v2 3453 2008.09.18 -
Norman 5.80.02 2008.09.18 -
Panda 9.0.0.4 2008.09.19 -
PCTools 4.4.2.0 2008.09.18 -
Prevx1 V2 2008.09.19 -
Rising 20.62.40.00 2008.09.19 -
Sophos 4.33.0 2008.09.19 -
Sunbelt 3.1.1647.1 2008.09.18 -
Symantec 10 2008.09.19 -
TheHacker 6.3.0.9.087 2008.09.18 -
TrendMicro 8.700.0.1004 2008.09.19 -
VBA32 3.12.8.5 2008.09.18 -
ViRobot 2008.9.19.1382 2008.09.19 -
VirusBuster 4.5.11.0 2008.09.18 -
Webwasher-Gateway 6.6.2 2008.09.19 -
Дополнительная информация
File size: 102400 bytes
MD5...: 84a2df4f6448b04c4d654018a7055eec
SHA1..: ddbf7194683816c93cd1541bdedf9384afb1b3b8
SHA256: de00a692355cf50233506ab6caa8b43b80162f44f72b380a45219442df358d98
SHA512: 64dfcc2f751f2e7486ca53ed980a82139347b01c9760e4e3926ffc5cbca54cfd
b50ff522e07aeaf3cae1f22cad0656fb96d9beb2f5baa252d3a3b4cded7cbe5f
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7185a0d2
timedatestamp.....: 0x4835d9d5 (Thu May 22 20:38:45 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xffb3 0x10000 6.56 b5c5bb80f4a9e8f36eb8487e506d5563
.rdata 0x11000 0x352f 0x4000 4.62 1ea3f8774039ec0ca3a1f050f7414aad
.data 0x15000 0x177c 0x1000 3.61 18a9b6fc85455328e389927cfd2b81af
.rsrc 0x17000 0x4d0 0x1000 1.28 191d71283ee5f07dc9fc6a624a84a5f6
.reloc 0x18000 0x1a42 0x2000 4.19 62a005c3db455eae36a8867a4de85f08
( 5 imports )
> KERNEL32.dll: LockResource, LoadResource, FindResourceW, FindResourceExW, HeapFree, GetProcessHeap, MultiByteToWideChar, GlobalUnlock, GlobalLock, GlobalAlloc, lstrcpyW, GetLastError, MulDiv, FlushInstructionCache, GetCurrentProcess, HeapAlloc, lstrlenW, lstrcmpW, GetModuleFileNameW, GetCurrentThreadId, InterlockedIncrement, InterlockedDecrement, VirtualFree, HeapCreate, GetCommandLineA, SizeofResource, GetStringTypeA, GetCPInfo, GetOEMCP, IsBadCodePtr, IsBadReadPtr, LoadLibraryA, WriteFile, UnhandledExceptionFilter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TerminateProcess, LCMapStringW, WideCharToMultiByte, LCMapStringA, GetSystemInfo, VirtualProtect, GetModuleHandleA, GetProcAddress, TlsGetValue, TlsSetValue, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, GetVersionExW, GetThreadLocale, GetLocaleInfoA, GetACP, GetStringTypeW, InterlockedExchange, TlsFree, SetLastError, RtlUnwind, TlsAlloc, VirtualQuery, SetUnhandledExceptionFilter, GetModuleFileNameA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, IsBadWritePtr, VirtualAlloc, ExitProcess, LocalFree, HeapSize, HeapReAlloc, HeapDestroy, GetVersionExA
> USER32.dll: DestroyAcceleratorTable, GetWindowLongW, DestroyWindow, SendMessageW, UnregisterClassW, DefWindowProcW, SetWindowTextW, GetWindowTextW, GetWindowTextLengthW, RegisterClassExW, LoadCursorW, GetClassInfoExW, wsprintfW, CreateWindowExW, CreateAcceleratorTableW, CharNextW, GetParent, GetClassNameW, SetWindowPos, RedrawWindow, IsWindow, GetDlgItem, SetFocus, GetFocus, IsChild, GetWindow, SetWindowLongW, BeginPaint, EndPaint, CallWindowProcW, GetDesktopWindow, InvalidateRgn, InvalidateRect, ReleaseDC, GetDC, GetClientRect, FillRect, SetCapture, ReleaseCapture, GetSysColor, RegisterWindowMessageW
> GDI32.dll: GetStockObject, GetObjectW, GetDeviceCaps, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, DeleteDC, SelectObject, DeleteObject, CreateSolidBrush
> ole32.dll: OleRun, CoCreateInstance, CreateStreamOnHGlobal, OleUninitialize, StringFromGUID2, CoTaskMemAlloc, OleLockRunning, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, CoUninitialize, CoInitializeEx, OleInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
( 3 exports )
NP_GetEntryPoints, NP_Initialize, NP_Shutdown
По второму файлу - он используется по роботе!
