Rising Kaka Security Forum: Technical Exchange, Suspicious File Exchange

Files impersonating Rising: RavNT.exe, soni.exe


Archive password: virus

File path : C:\WINDOWS\RavNT.exe
Attributes : A---
Digital signature: No
PE file: Yes
Language : Chinese (China)
File version : 1, 0, 0, 1
Description : RavNT Application
Copyright : 版权所有 (C) 2008 (Copyright (C) 2008)
Product version : 1, 0, 0, 1
Product name : Rising AntiVirus 2008
Company name : 瑞星 (Rising)
Internal name : RavNT
Original filename : RavNT.exe
Created : 2008-7-7 15:40:36
Modified : 2008-7-7 15:40:36
Size : 69753 bytes (68.121 KB)
MD5 : 0f71426d4ec2cb092ba2b482b0a7e716
SHA1: F9763B7B730E6041BC5C44F7F7BBBA031FB1E1ED
CRC32: 1d8165ef


O4 - HKLM\..\Run: [RavMonS] C:\WINDOWS\soni.exe

File path : C:\WINDOWS\soni.exe
Attributes : A---
Digital signature: No
PE file: Yes
Language : Chinese (China)
File version : 1, 0, 0, 6
Description : 瑞星 (Rising)
Copyright : Copyright ? 2008
Product version : 1, 0, 0, 6
Product name : 瑞星杀毒软件 (Rising Antivirus)
Company name : 瑞星 (Rising)
Internal name : soni
Original filename : soni.exe
Created : 2008-7-7 16:16:58
Modified : 2008-7-7 16:16:58
Size : 28672 bytes (28.0 KB)
MD5 : bbf01792d245277580c13cb2239e0c37
SHA1: B28273FA256FD563069321645767E92B27C4B8B5
CRC32: bc95df9d



File RavNT.exe received on 2008.07.12 03:49:04 (CET)

Antivirus engine | Version | Last update | Result
AhnLab-V3 | 2008.7.11.0 | 2008.07.11 | Win-Trojan/Bho.69763
AntiVir | 7.8.0.64 | 2008.07.11 | TR/BHO.ewg
Authentium | 5.1.0.4 | 2008.07.11 | -
Avast | 4.8.1195.0 | 2008.07.12 | Win32:Trojan-gen {Other}
AVG | 7.5.0.516 | 2008.07.11 | Agent.YAQ
BitDefender | 7.2 | 2008.07.12 | -
CAT-QuickHeal | 9.50 | 2008.07.11 | Trojan.BHO.ewg
ClamAV | 0.93.1 | 2008.07.11 | -
DrWeb | 4.44.0.09170 | 2008.07.11 | -
eSafe | 7.0.17.0 | 2008.07.10 | -
eTrust-Vet | 31.6.5947 | 2008.07.11 | -
Ewido | 4.0 | 2008.07.11 | -
F-Prot | 4.4.4.56 | 2008.07.11 | -
F-Secure | 7.60.13501.0 | 2008.07.10 | -
Fortinet | 3.14.0.0 | 2008.07.11 | W32/BHO.EWG!tr
GData | 2.0.7306.1023 | 2008.07.12 | Trojan.Win32.BHO.ewg
Ikarus | T3.1.1.26.0 | 2008.07.12 | Trojan.Win32.BHO.ewg
Kaspersky | 7.0.0.125 | 2008.07.12 | Trojan.Win32.BHO.ewg
McAfee | 5337 | 2008.07.11 | -
Microsoft | 1.3704 | 2008.07.12 | -
NOD32v2 | 3263 | 2008.07.11 | a variant of Win32/Agent.NXB
Norman | 5.80.02 | 2008.07.11 | -
Panda | 9.0.0.4 | 2008.07.11 | Suspicious file
Prevx1 | V2 | 2008.07.12 | -
Rising | 20.52.41.00 | 2008.07.11 | -
Sophos | 4.31.0 | 2008.07.12 | -
Sunbelt | 3.1.1509.1 | 2008.07.04 | -
Symantec | 10 | 2008.07.12 | -
TheHacker | 6.2.96.376 | 2008.07.10 | -
TrendMicro | 8.700.0.1004 | 2008.07.11 | -
VBA32 | 3.12.6.9 | 2008.07.11 | Trojan.Win32.BHO.ewg
VirusBuster | 4.5.11.0 | 2008.07.11 | -
Webwasher-Gateway | 6.6.2 | 2008.07.11 | Trojan.BHO.ewg

Additional information
File size: 69753 bytes
MD5...: 0f71426d4ec2cb092ba2b482b0a7e716
SHA1..: f9763b7b730e6041bc5c44f7f7bbba031fb1e1ed
SHA256: db335f883aeb4cbf4c926b034337b0ba6e4d1916e732986f13f376ea54ed43dd
SHA512: e19f568d0d4a75071b3282f58d9b5c5e53daa6d19055907a510aa70fedfe953d5b48b832920ce76ebb6397f96c09a9b2cc8f772800f8626d4ae7f7405e60af27
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x405e0c
timedatestamp.....: 0x4871c872 (Mon Jul 07 07:40:34 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7505 0x8000 4.22 b97a50f0c6a2b134728758ca51cc6d92
.rdata 0x9000 0xe19 0x1000 2.82 6ff3d22e68e7313c85ae88e7d5fa2d12
.data 0xa000 0x169c 0x2000 2.10 47641db7270c59acaa49589d96ad9133
.idata 0xc000 0x1079 0x2000 2.53 a8244460bdbc55ca46472f404515d6db
.rsrc 0xe000 0x1e19 0x2000 3.70 3ffba0926d69f80918519652e188a9b0
.reloc 0x10000 0xa9b 0x1000 4.47 8de4ef933441cf5e18c46a9451fe61d2

( 6 imports )
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, _chdir, _mkdir, strlen, _stricmp, strcmp, strncpy, strcat, _setmbcp, sprintf, memset, __CxxFrameHandler, _mbsrchr, strcpy, strstr, _controlfp
> KERNEL32.dll: ReleaseMutex, WaitForSingleObject, WinExec, GetPrivateProfileIntA, GetPrivateProfileStringA, MoveFileExA, WritePrivateProfileStringA, GetShortPathNameA, CopyFileA, GetSystemDefaultLangID, DeleteFileA, FindNextFileA, FindFirstFileA, SetCurrentDirectoryA, CloseHandle, CreateProcessA, LoadLibraryA, FreeLibrary, GetStartupInfoA, GetModuleFileNameA, GetVersionExA, GetSystemTime, CreateMutexA, FindClose, GetModuleHandleA, GetProcAddress
> USER32.dll: KillTimer, MessageBoxA, UpdateWindow, FindWindowA, SetTimer, LoadCursorA, EnableWindow, SendMessageA
> ADVAPI32.dll: RegSetValueExA, RegOpenKeyA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> urlmon.dll: URLDownloadToFileA

( 0 exports )


File soni.exe received on 2008.07.12 05:35:24 (CET)

Antivirus engine | Version | Last update | Result
AhnLab-V3 | 2008.7.11.0 | 2008.07.11 | -
AntiVir | 7.8.0.64 | 2008.07.11 | TR/Agent.HYT.28672
Authentium | 5.1.0.4 | 2008.07.11 | -
Avast | 4.8.1195.0 | 2008.07.12 | Win32:Trojan-gen {Other}
AVG | 7.5.0.516 | 2008.07.11 | Agent.YAD
BitDefender | 7.2 | 2008.07.12 | -
CAT-QuickHeal | 9.50 | 2008.07.11 | TrojanSpy.Small.buu
ClamAV | 0.93.1 | 2008.07.11 | -
DrWeb | 4.44.0.09170 | 2008.07.11 | -
eSafe | 7.0.17.0 | 2008.07.10 | -
eTrust-Vet | 31.6.5949 | 2008.07.12 | -
Ewido | 4.0 | 2008.07.11 | -
F-Prot | 4.4.4.56 | 2008.07.11 | -
F-Secure | 7.60.13501.0 | 2008.07.10 | -
Fortinet | 3.14.0.0 | 2008.07.11 | Spy/Small
GData | 2.0.7306.1023 | 2008.07.12 | Trojan-Spy.Win32.Small.buw
Ikarus | T3.1.1.26.0 | 2008.07.12 | Trojan-Spy.Win32.Small.buw
Kaspersky | 7.0.0.125 | 2008.07.12 | Trojan-Spy.Win32.Small.buw
McAfee | 5337 | 2008.07.11 | -
Microsoft | 1.3704 | 2008.07.12 | -
NOD32v2 | 3263 | 2008.07.11 | a variant of Win32/Agent.NXB
Norman | 5.80.02 | 2008.07.11 | -
Panda | 9.0.0.4 | 2008.07.11 | -
Prevx1 | V2 | 2008.07.12 | -
Rising | 20.52.42.00 | 2008.07.12 | -
Sophos | 4.31.0 | 2008.07.12 | Mal/Generic-A
Sunbelt | 3.1.1536.1 | 2008.07.12 | -
Symantec | 10 | 2008.07.12 | Trojan Horse
TheHacker | 6.2.96.376 | 2008.07.10 | -
TrendMicro | 8.700.0.1004 | 2008.07.11 | -
VBA32 | 3.12.6.9 | 2008.07.12 | Trojan-Spy.Win32.Small.buw
VirusBuster | 4.5.11.0 | 2008.07.11 | -
Webwasher-Gateway | 6.6.2 | 2008.07.11 | Trojan.Agent.HYT.28672

Additional information
File size: 28672 bytes
MD5...: bbf01792d245277580c13cb2239e0c37
SHA1..: b28273fa256fd563069321645767e92b27c4b8b5
SHA256: ded46787c40017de0d3bb264b4abd7deb5c3723630d6b4713a4dc7074e505b4f
SHA512: 60edd10142117a971e033c7b472e67dcbfd9d70d96404a41379cd01e2793a96dfe8fd82010cc699c7fb5aa0bcc5ca85f27d6e82cd15d2bcfcb4a17e786253de3
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403d14
timedatestamp.....: 0x4871d0f9 (Mon Jul 07 08:16:57 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ed0 0x3000 6.35 f9f29de7875549ffbc5929b75f152164
.rdata 0x4000 0x852 0x1000 3.09 48e56213fb46eadefa2e2ccec1efc7dc
.data 0x5000 0xae4 0x1000 4.43 b9cc799b79926bd02fdfd153098ac557
.rsrc 0x6000 0x368 0x1000 0.91 548250ee2f66116920763c7da1fc5f27

( 5 imports )
> urlmon.dll: URLDownloadToFileA
> MFC42.DLL: -, -, -, -, -, -, -
> MSVCRT.dll: __dllonexit, _onexit, _exit, atoi, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, _terminate@@YAXXZ, __set_app_type, _strcmpi, time, srand, rand, strncpy, fclose, isalnum, isspace, __CxxFrameHandler, sprintf, _except_handler3, strstr, atof, _ftol, floor, fopen, __p__fmode, fgets, _itoa, _XcptFilter, _controlfp
> KERNEL32.dll: GetModuleHandleA, GetLastError, FormatMessageA, LocalFree, GetSystemDirectoryA, CreateProcessA, ResumeThread, GetPrivateProfileStringA, GetPrivateProfileIntA, GetWindowsDirectoryA, TerminateProcess, LoadLibraryA, Sleep, WaitForMultipleObjects, CreateThread, ExitProcess, GetSystemTime, GetProcAddress, GetStartupInfoA
> USER32.dll: DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassExA, FindWindowA, SetTimer, PostQuitMessage, KillTimer, DefWindowProcA, GetCursorPos, GetSystemMetrics, GetWindowRect, GetClassNameA, FindWindowExA, PostMessageA, SetWindowPos, SendMessageTimeoutA, IsWindow

( 0 exports )

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Last edited by endurer on 2008-07-12 11:38:05
http://blog.csdn.net/purpleendurer


Reply: Files impersonating Rising: RavNT.exe, soni.exe

The first one seems to be just a malicious plugin....