OOOOOOOOOOOOOOFFFFF
...ныне овцевод Герман Стерлиг...
Date: 31 Aug 2007 13:31
You still never showed the link where you downloaded the update from.
Download it from Zaitsev's own site.
For all your petty nasty tricks, I'll give you a big present.
[Message edited by user 31.08.2007 15:08]
OneTwoOne .
what link, from the main page.
I'm downloading; if it's the same thing, you'll find out what nasty tricks are, Geraman.
...ныне овцевод Герман Стерлиг...
I'm downloading; if it's the same thing, you'll find out what nasty tricks are, Geraman.
Well, anyway, you didn't surprise me with anything.
Everything is predictable.
When you download and install it, delete the old version, since Zaitsev has almost completely updated avz.
--- 30.08.2007 --- ver 4.27
[Message edited by user 31.08.2007 15:07]
OneTwoOne .
Gera, you're right, I apparently downloaded the wrong thing.
Thank you.
I think I clicked the link on the left.
A hell of a lot of Trojans
...ныне овцевод Герман Стерлиг...
Thank you.
I think I clicked the link on the left.
A hell of a lot of Trojans
Save the report on the objects found to the log (after the scan finishes) - there's a little button on the side of AVZ shaped like a floppy disk.
Then show us what you combed out.
Грешник
This computer is doomed, nobody and nothing will save it.., that's the kind of owner it has:-d
...ныне овцевод Герман Стерлиг...
This computer is doomed, nobody and nothing will save it.., that's the kind of owner it has:-d
With God's help we'll pull it through.
OneTwoOne .
exactly. and it's not for you to judge these things, sinner!
Грешник
I told you: pull the hard drive and haul it to the sysadmins, that's the only way to cure it... Kasper won't pull out that many viruses!
Хрупаков
Maybe organize a fundraiser for a new computer with no internet access?
...ныне овцевод Герман Стерлиг...
Just don't delete everything indiscriminately, including what's marked in red.
Read carefully, delete only what you're sure of and only what is identified as a virus; everything else can be a very doubtful matter.
To delete for certain, manually, look at the settings.
In the upper right corner you need to tick the checkbox and then, in several windows, set the necessary options for deletion or whatever you want.
[Message edited by user 31.08.2007 14:22]
OneTwoOne .
Gera
what do I press, tell me straight.
Протокол антивирусной утилиты AVZ версии 4.27
Сканирование запущено в 31.08.2007 13:49:23
Загружена база: 125002 сигнатуры, 2 нейропрофиля, 55 микропрограмм лечения, база от 30.08.2007 14:15
Загружены микропрограммы эвристики: 371
Загружены микропрограммы ИПУ: 9
Загружены цифровые подписи системных файлов: 62028
Режим эвристического анализатора: Средний уровень эвристики
Режим лечения: выключено
Версия Windows: 5.1.2600, Service Pack 1 ; AVZ работает с правами администратора
Восстановление системы: включено
1. Поиск RootKit и программ, перехватывающих функции API
1.1 Поиск перехватчиков API, работающих в UserMode
Анализ kernel32.dll, таблица экспорта найдена в секции .text
Функция kernel32.dll:LoadLibraryA (571) перехвачена, метод ProcAddressHijack.GetProcAddress ->77E7D961->77ED6FC4
Функция kernel32.dll:LoadLibraryExA (572) перехвачена, метод ProcAddressHijack.GetProcAddress ->77E7D941->77ED6FD3
Функция kernel32.dll:LoadLibraryExW (573) перехвачена, метод ProcAddressHijack.GetProcAddress ->77E7D839->77ED6FF1
Функция kernel32.dll:LoadLibraryW (574) перехвачена, метод ProcAddressHijack.GetProcAddress ->77E73B38->77ED6FE2
Детектирована модификация IAT: LoadLibraryA - 77ED6FC4<>77E7D961
Анализ ntdll.dll, таблица экспорта найдена в секции .text
Функция ntdll.dll:LdrGetProcedureAddress (62) перехвачена, метод ProcAddressHijack.GetProcAddress ->77F5336C->13428E
Функция ntdll.dll:LdrLoadDll (66) перехвачена, метод ProcAddressHijack.GetProcAddress ->77F55669->1342CC
Функция ntdll.dll:NtCreateThread (136) перехвачена, метод ProcAddressHijack.GetProcAddress ->77F75A4E->13425B
Функция ntdll.dll:NtQueryDirectoryFile (230) перехвачена, метод ProcAddressHijack.GetProcAddress ->77F75FAE->13433A
Анализ user32.dll, таблица экспорта найдена в секции .text
Анализ advapi32.dll, таблица экспорта найдена в секции .text
Анализ ws2_32.dll, таблица экспорта найдена в секции .text
Функция ws2_32.dll:closesocket (3) перехвачена, метод ProcAddressHijack.GetProcAddress ->71AB1A6D->13E42C
Анализ wininet.dll, таблица экспорта найдена в секции .text
Функция wininet.dll:HttpQueryInfoA (205) перехвачена, метод ProcAddressHijack.GetProcAddress ->762092E9->13D16E
Функция wininet.dll:HttpSendRequestExA (208) перехвачена, метод ProcAddressHijack.GetProcAddress ->762548DB->13DF51
Функция wininet.dll:InternetCloseHandle (223) перехвачена, метод ProcAddressHijack.GetProcAddress ->7620974B->13D759
Функция wininet.dll:InternetQueryDataAvailable (268) перехвачена, метод ProcAddressHijack.GetProcAddress ->7620FC5E->13D909
Функция wininet.dll:InternetReadFile (272) перехвачена, метод ProcAddressHijack.GetProcAddress ->7620FA3C->13D8A7
Функция wininet.dll:InternetReadFileExA (273) перехвачена, метод ProcAddressHijack.GetProcAddress ->7622571D->13D8E8
Функция wininet.dll:InternetReadFileExW (274) перехвачена, метод ProcAddressHijack.GetProcAddress ->76240C8A->13D8C7
Анализ rasapi32.dll, таблица экспорта найдена в секции .text
Анализ urlmon.dll, таблица экспорта найдена в секции .text
Анализ netapi32.dll, таблица экспорта найдена в секции .text
1.2 Поиск перехватчиков API, работающих в KernelMode
Ошибка загрузки драйвера - проверка прервана [C0000034]
1.4 Поиск маскировки процессов и драйверов
Проверка не производится, так как не установлен драйвер мониторинга AVZPM
2. Проверка памяти
Количество найденных процессов: 34
Количество загруженных модулей: 326
Прямое чтение c:\documents and settings\all users\documents\settings\partnership.dll
c:\documents and settings\all users\documents\settings\partnership.dll >>>>> Trojan-Proxy.Win32.Xorpix.ar
Проверка памяти завершена
3. Сканирование дисков
Прямое чтение C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
C:\Documents and Settings\All Users\Documents\Settings\partnership.dll >>>>> Trojan-Proxy.Win32.Xorpix.ar
Прямое чтение C:\WINDOWS\$NtUninstallKB824141$\user32.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
Прямое чтение C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
Прямое чтение C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
C:\WINDOWS\Samsung\ML-1210\Srefresh.exe >>> подозрение на Trojan-Downloader.Win32.Small.exo ( 003A6C42 00077CB7 001B86AE 001C8372 28672)
C:\WINDOWS\Samsung\ML1200\Srefresh.exe >>> подозрение на Trojan-Downloader.Win32.Small.exo ( 003A6C42 00077CB7 001B86AE 001C8372 28672)
Прямое чтение C:\WINDOWS\Temp\kav1.tmp
4. Проверка Winsock Layered Service Provider (SPI/LSP)
Настройки LSP проверены. Ошибок не обнаружено
5. Поиск перехватчиков событий клавиатуры/мыши/окон (Keylogger, троянские DLL)
6. Поиск открытых портов TCP/UDP, используемых вредоносными программами
Проверка отключена пользователем
7. Эвристичеcкая проверка системы
Проверка завершена
8. Поиск потенциальных уязвимостей
>> Службы: разрешена потенциально опасная служба RemoteRegistry (Remote Registry)
>> разрешена потенциально опасная служба TermService (Terminal Services)
>> разрешена потенциально опасная служба SSDPSRV (SSDP Discovery Service)
>> разрешена потенциально опасная служба Messenger (Messenger)
>> разрешена потенциально опасная служба Alerter (Alerter)
>> разрешена потенциально опасная служба Schedule (Task Scheduler)
>> Безопасность: разрешен административный доступ к локальным дискам (C$, D$ ...)
>>> Безопасность: В IE разрешены автоматические запросы элементов управления ActiveX
>> Безопасность: Разрешена отправка приглашений удаленному помошнику
Проверка завершена
Просканировано файлов: 173134, извлечено из архивов: 156470, найдено вредоносных программ 2, подозрений - 2
Сканирование завершено в 31.08.2007 14:36:08
Сканирование длилось 00:46:45
Если у Вас есть подозрение на наличие вирусов или вопросы по заподозренным объектам,
то Вы можете обратиться в конференцию - http://virusinfo.info
...ныне овцевод Герман Стерлиг...
If you can't manage it yourself, find a specialist or take the hard drive to them.
The infection is apparently quite something.
By the way, a suspicion doesn't yet mean it's a virus...
[Message edited by user 31.08.2007 15:14]
Грешник
..which spawn hundreds of viruses every minute..
U
and how do you cut off these viruses on those sites?
Install a good firewall.
...ныне овцевод Герман Стерлиг...
Install a good firewall.
And where do you get one?
And it only saves you in certain cases anyway.
Not in all of them.
First it needs to be cured; what's the use of a firewall right now?
I remember PSKh explained well how to fight this junk, and Don managed without a reformat.
...ныне овцевод Герман Стерлиг...
I remember PSKh explained well how to fight this junk, and Don managed without a reformat.
Van apparently already made a mess yesterday with the old Zaitsev, not having properly figured out its settings.
Today he caught a couple more viruses with the new Zaitsev, plus a bonus on top of them.
Deleting is a tricky business, since you can wipe out the libraries of working programs (homemade ones, for instance).
Now he's disappeared somewhere altogether.
Apparently, Amen.
Полосатая МатраЦа
Today he caught a couple more viruses with the new Zaitsev, plus a bonus on top of them.
Now he's disappeared somewhere altogether.
Apparently, Amen.
Well, it's a pity if he's broken down along with the computer, it's boring without Vantuvanu...
OneTwoOne .
like every cultured person, I have a laptop.
and anyway, I'm off to surrender.
Ливси
and anyway, I'm off to surrender.
Van, check out the Spider, it's tried and tested.
and anyway, I'm off to surrender.
Antuan.. about the viruses.. I was joking..