endurer - 2009-10-16 22:05:00
附件: 您所在的用户组无法下载或查看附件解压密码:virus
O2 - BHO BHO Class - {AA3D3193-E700-4087-BD8B-CDC2CDC0820F} = C:\WINDOWS\system32\e54.dll
文件说明符 : C:\WINDOWS\system32\e54.dll
属性 : A---
数字签名:否
PE文件:是
语言 : 英语(美国)
文件版本 : 1, 0, 2, 8
说明 : Transaction Module
版权 : Copyright 2006
备注 : Microsoft Corporation
产品版本 : 1, 0, 2, 8
产品名称 : Flacdker Product
公司名称 : Microsoft Corporation
内部名称 : COM Services
源文件名 : COM Services
创建时间 : 2009-10-16 21:14:8
修改时间 : 2009-10-12 8:45:0
大小 : 36864 字节 36.0 KB
MD5 : adcf542a58f026d5819de1844946ba5e
SHA1: A9015DAE74731B92EC60C6F07E4A5942CFBA7604
CRC32: 569e90ba
文件 e54.dll 接收于 2009.10.16 13:55:18 (UTC)
| 反病毒引擎 | 版本 | 最后更新 | 扫描结果 |
| a-squared | 4.5.0.41 | 2009.10.16 | AdWare.Bdsearch!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.10.16 | - |
| AntiVir | 7.9.1.35 | 2009.10.16 | - |
| Antiy-AVL | 2.0.3.7 | 2009.10.16 | AdWare/Win32.BHO.gen |
| Authentium | 5.1.2.4 | 2009.10.16 | - |
| Avast | 4.8.1351.0 | 2009.10.14 | Win32:BHO-XK |
| AVG | 8.5.0.420 | 2009.10.16 | Generic4.OHD |
| BitDefender | 7.2 | 2009.10.16 | Gen:Adware.Heur.cu8@A8haDCab |
| CAT-QuickHeal | 10.00 | 2009.10.16 | - |
| ClamAV | 0.94.1 | 2009.10.16 | - |
| Comodo | 2621 | 2009.10.16 | - |
| DrWeb | 5.0.0.12182 | 2009.10.16 | - |
| eSafe | 7.0.17.0 | 2009.10.15 | Win32.Adclicker |
| eTrust-Vet | 35.1.7071 | 2009.10.16 | - |
| F-Prot | 4.5.1.85 | 2009.10.15 | - |
| F-Secure | 8.0.14470.0 | 2009.10.16 | AdWare.Win32.BHO.iwa |
| Fortinet | 3.120.0.0 | 2009.10.16 | - |
| GData | 19 | 2009.10.16 | Gen:Adware.Heur.cu8@A8haDCab |
| Ikarus | T3.1.1.72.0 | 2009.10.16 | AdWare.Bdsearch |
| Jiangmin | 11.0.800 | 2009.10.16 | Adware/BHO.qz |
| K7AntiVirus | 7.10.872 | 2009.10.16 | - |
| Kaspersky | 7.0.0.125 | 2009.10.16 | not-a-virus:AdWare.Win32.BHO.iwa |
| McAfee | 5772 | 2009.10.15 | Generic PWS!hv.ah |
| McAfee+Artemis | 5772 | 2009.10.15 | Artemis!ADCF542A58F0 |
| McAfee-GW-Edition | 6.8.5 | 2009.10.16 | - |
| Microsoft | 1.5101 | 2009.10.16 | - |
| NOD32 | 4514 | 2009.10.16 | - |
| Norman | 6.03.02 | 2009.10.16 | - |
| nProtect | 2009.1.8.0 | 2009.10.15 | Trojan-Clicker/W32.BHO.36864.CR |
| Panda | 10.0.2.2 | 2009.10.15 | Trj/CI.A |
| PCTools | 4.4.2.0 | 2009.10.16 | - |
| Prevx | 3.0 | 2009.10.16 | Medium Risk Malware |
| Rising | 21.51.44.00 | 2009.10.16 | - |
| Sophos | 4.46.0 | 2009.10.16 | - |
| Sunbelt | 3.2.1858.2 | 2009.10.15 | - |
| Symantec | 1.4.4.12 | 2009.10.16 | Trojan.Adclicker |
| TheHacker | 6.5.0.2.043 | 2009.10.15 | - |
| TrendMicro | 8.950.0.1094 | 2009.10.16 | - |
| VBA32 | 3.12.10.11 | 2009.10.15 | AdWare.Win32.BHO.iwa |
| ViRobot | 2009.10.16.1988 | 2009.10.16 | - |
| VirusBuster | 4.6.5.0 | 2009.10.15 | - |
| 附加信息 |
| File size: 36864 bytes |
| MD5...: adcf542a58f026d5819de1844946ba5e |
| SHA1..: a9015dae74731b92ec60c6f07e4a5942cfba7604 |
| SHA256: 7847b3cbe5cd013554ee4a5cacc6b584f399cd04dc4e256a2531d236a2fa3a28 |
| ssdeep: 384:XAWGdzwoT77MeIcgTHRTHAnZbARpI5pAWS0Eo3gQ:tozwmdURTHAZbARpapt hg |
| PEiD..: - |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x38a3 timedatestamp.....: 0x4ac54a37 (Fri Oct 02 00:32:55 2009) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2b56 0x3000 5.89 ef17b40a04182ac076d8ecbbc334d85a .rdata 0x4000 0x111e 0x2000 3.13 303f5715b1bb0e440de516ee229506dd .data 0x6000 0x1864 0x1000 1.80 ef3b419523d7ead49fbaaa19500e25d8 .rsrc 0x8000 0xe30 0x1000 3.95 5415be4baa86fc6de2277a09cbbf89ae .reloc 0x9000 0x898 0x1000 3.37 78e8fab4b81c496c2dfbad5ccdc8a63e ( 8 imports ) > MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > MSVCRT.dll: strcpy, wcslen, _CxxThrowException, sscanf, _strnicmp, sprintf, strstr, strlen, memcmp, __CxxFrameHandler, _purecall, _mbslwr, __1type_info@@UAE@XZ, _adjust_fdiv, malloc, _initterm, free, _strlwr, _except_handler3, _onexit, __dllonexit, _mbsstr, memcpy, _terminate@@YAXXZ > KERNEL32.dll: CreateEventA, CreateThread, Sleep, SetEvent, lstrlenW, InterlockedDecrement, EnterCriticalSection, InterlockedIncrement, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetModuleFileNameA, WaitForSingleObject, CreateFileMappingA, MultiByteToWideChar, GetLastError, WideCharToMultiByte, LocalFree, LocalAlloc > USER32.dll: SendMessageA, FindWindowExA, IsCharAlphaNumericA > ADVAPI32.dll: RegNotifyChangeKeyValue > OLEAUT32.dll: -, -, -, -, -, -, -, - > ATL.DLL: -, -, -, -, -, -, -, -, -, - > MSVCP60.dll: __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z ( 4 exports ) DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer |
| RDS...: NSRL Reference Data Set - |
| pdfid.: - |
| packers (Antiy-AVL): CrypToCrackPeProtector0.93 |
| sigcheck: publisher....: Microsoft Corporation copyright....: Copyright 2006 product......: Flacdker Product description..: Transaction Module original name: COM Services internal name: COM Services file version.: 1, 0, 2, 8 comments.....: Microsoft Corporation signers......: - signing date.: - verified.....: Unsigned |
| <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=756B25D5005CD4E4909000E3E730F100EAFF256C' target='_blank'>http://info.prevx.com/aboutprogr ... E730F100EAFF256C<;/a> |
| trid..: DirectShow filter (43.0%) Windows OCX File (26.3%) Win64 Executable Generic (18.2%) Win32 Executable MS Visual C++ (generic) (8.0%) Win32 Executable Generic (1.8%) |
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler 4.0; MAXTHON 2.0)