Full Version: Help Please, My Computer is Infected With Trojan
Sevalle
Hi Everyone... my computer just detected a trojan horse running loose on my comp :( and i have read some of the stuff here but i just wanted to be sure so i'll be posting both the ad-aware se logfile and hijackthis logfile in a while... btw i found folders of active video x in my comp, do i delete them now? or later? and does the risk of my comp getting crashed get higher when i don't act asap... for now i have quarantined the files that have been infected... i think it's already in 20+ files T_T
Sevalle
this is the HijackThis log file i just made...

Logfile of HijackThis v1.99.1
Scan saved at 上午 01:24:26, on 2007/2/1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Santa Cruz Networks\Festoon\Festoon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\RavMonE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinGet\WinGet.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WinIEObj Class - {371C6960-302C-45D0-9504-50B820247439} - C:\Program Files\WinGet\WinIE.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Festoon] C:\Program Files\Santa Cruz Networks\Festoon\Festoon.exe /BOOT
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\WinGet\WinGet.exe /silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with &WinGet - res://C:\Program Files\WinGet\WinIE.dll/300
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111240197665
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com./download/MsnMess...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
Sevalle
this is the logfile of my ad aware se i hope this would help

Ad-Aware SE Build 1.06r1
Logfile Created on:2007年2月1日 上午 01:09:18
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R148 29.01.2007
遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙?

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):64 total references
Tracking Cookie(TAC index:3):41 total references
Win32.Trojandownloader.Zlob(TAC index:10):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2007-2-1 上午 01:09:18 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\騰光\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\騰光\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\macromedia\flash 7\recent file list
Description : list of recently used files in macromedia flash


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\frontpage
Description : default save location in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\frontpage\editor\recent templates
Description : list of recently used templates in microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers
Description : list of recently created servers in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\frontpage\explorer\navigation\mrulist
Description : list for the navigation feature of microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\office\11.0\access\settings
Description : list of recently opened documents in microsoft access


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\office\11.0\publisher\recent file list
Description : list of recent files used by microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\visual basic\6.0\recentfiles
Description : list of recently used files in microsoft visual basic


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\ulead systems\ulead photoimpact\8.0\recent file list
Description : list of recently used files in ulead photoimpact


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-261478967-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 468
ThreadCreationTime : 2007-1-31 上午 11:13:03
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 2007-1-31 上午 11:13:05
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 2007-1-31 上午 11:13:06
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 2007-1-31 上午 11:13:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 604
ThreadCreationTime : 2007-1-31 上午 11:13:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 2007-1-31 上午 11:13:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 2007-1-31 上午 11:13:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 2007-1-31 上午 11:13:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 948
ThreadCreationTime : 2007-1-31 上午 11:13:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1072
ThreadCreationTime : 2007-1-31 上午 11:13:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1280
ThreadCreationTime : 2007-1-31 上午 11:13:11
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1348
ThreadCreationTime : 2007-1-31 上午 11:13:12
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [spdstrm.exe]
FilePath : C:\Program Files\Efficient Networks\SpeedStream DSL\
ProcessID : 1568
ThreadCreationTime : 2007-1-31 上午 11:13:13
BasePriority : Normal
FileVersion : 3.4.0.86
ProductVersion : 3.4.0.86
ProductName : Efficient Networks, Inc. taskbar
CompanyName : Efficient Networks, Inc.
FileDescription : taskbar
InternalName : taskbar
LegalCopyright : Copyright c 2000
OriginalFilename : taskbar.exe

#:14 [asusprob.exe]
FilePath : C:\Program Files\ASUS\Probe\
ProcessID : 1580
ThreadCreationTime : 2007-1-31 上午 11:13:13
BasePriority : Normal


#:15 [smtray.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1592
ThreadCreationTime : 2007-1-31 上午 11:13:14
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright c 2003 Analog Devices
OriginalFilename : SMTray.exe

#:16 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1612
ThreadCreationTime : 2007-1-31 上午 11:13:14
BasePriority : Normal


#:17 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1624
ThreadCreationTime : 2007-1-31 上午 11:13:14
BasePriority : Normal


#:18 [usisrv.exe]
FilePath : C:\Program Files\Common Files\Ulead Systems\DVD\
ProcessID : 1648
ThreadCreationTime : 2007-1-31 上午 11:13:14
BasePriority : Normal
FileVersion : 1, 0, 1, 15
ProductVersion : 1, 0, 1, 15
ProductName : Ulead Systems USISrv
CompanyName : Ulead Systems
FileDescription : USISrv
InternalName : USISrv
LegalCopyright : Copyright c 2003 Ulead Systems
OriginalFilename : USISrv.exe

#:19 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1668
ThreadCreationTime : 2007-1-31 上午 11:13:14
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright c RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:20 [festoon.exe]
FilePath : C:\Program Files\Santa Cruz Networks\Festoon\
ProcessID : 1676
ThreadCreationTime : 2007-1-31 上午 11:13:14
BasePriority : Normal
FileVersion : "00000,00001,00003,00213"
ProductVersion : "00000,00001,00003,00213"
ProductName : Festoon
CompanyName : Santa Cruz Networks, Inc.
FileDescription : Festoon
InternalName : Festoon
LegalCopyright : Copyright © 1997-2005
OriginalFilename : Festoon.exe

#:21 [jucheck.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 1708
ThreadCreationTime : 2007-1-31 上午 11:13:15
BasePriority : Normal
FileVersion : 5.0.20.9
ProductVersion : 5.0.20.9
ProductName : Java™ 2 Platform Standard Edition 5.0 Update 2
CompanyName : Sun Microsystems, Inc.
FileDescription : Java™ Update Checker
InternalName : Java™ Update Checker
LegalCopyright : Copyright c 2004
OriginalFilename : jucheck.exe

#:22 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1720
ThreadCreationTime : 2007-1-31 上午 11:13:15
BasePriority : Normal
FileVersion : 7,1,0,406
ProductVersion : 7.1.0.406
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright c 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:23 [ravmone.exe]
FilePath : C:\WINDOWS\
ProcessID : 1744
ThreadCreationTime : 2007-1-31 上午 11:13:15
BasePriority : Normal


#:24 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1768
ThreadCreationTime : 2007-1-31 上午 11:13:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:25 [winget.exe]
FilePath : C:\Program Files\WinGet\
ProcessID : 1776
ThreadCreationTime : 2007-1-31 上午 11:13:15
BasePriority : Normal
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
ProductName : WinGet Download Manager
CompanyName : Nicksoft, Inc.
FileDescription : WinGet Download Manager
InternalName : WinGet
LegalCopyright : Copyright c 2003 Nicksoft, Inc.
OriginalFilename : WinGet.exe

#:26 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\
ProcessID : 1824
ThreadCreationTime : 2007-1-31 上午 11:13:16
BasePriority : Normal
FileVersion : 1, 2, 908, 5008
ProductVersion : 1, 2, 908, 5008
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright c 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:27 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 1888
ThreadCreationTime : 2007-1-31 上午 11:13:17
BasePriority : Normal
FileVersion : 1.8.1
ProductVersion : 1, 8, 1, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:28 [pts.exe]
FilePath : C:\Program Files\Kodak\KODAK Picture Transfer Software\
ProcessID : 1908
ThreadCreationTime : 2007-1-31 上午 11:13:17
BasePriority : Normal
FileVersion : 2.1.0007
ProductVersion : 2.1.0007
ProductName : Picture Transfer Software
CompanyName : Eastman Kodak Company
FileDescription : Picture Transfer Software Executable
InternalName : Picture Transfer Software
LegalCopyright : Copyright © 2001, Eastman Kodak Company
OriginalFilename : pts.EXE

#:29 [backweb-7288971.exe]
FilePath : C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\
ProcessID : 1920
ThreadCreationTime : 2007-1-31 上午 11:13:17
BasePriority : Normal


#:30 [hotsync.exe]
FilePath : C:\Program Files\Palm\
ProcessID : 2020
ThreadCreationTime : 2007-1-31 上午 11:13:18
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSyncR Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSyncR Manager Application
InternalName : HotSyncR
LegalCopyright : Copyright c 1995-2001 Palm, Inc.
LegalTrademarks : HotSyncR is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:31 [conime.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2036
ThreadCreationTime : 2007-1-31 上午 11:13:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Console IME
InternalName : Console
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : CONIME.EXE

#:32 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 368
ThreadCreationTime : 2007-1-31 上午 11:13:21
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright c 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:33 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 456
ThreadCreationTime : 2007-1-31 上午 11:13:21
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright c 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:34 [dcfssvc.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 492
ThreadCreationTime : 2007-1-31 上午 11:13:22
BasePriority : Normal
FileVersion : 1.1.4100.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-1
OriginalFilename : DcFsSvc.exe

#:35 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 864
ThreadCreationTime : 2007-1-31 上午 11:13:22
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : MicrosoftR Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:36 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 980
ThreadCreationTime : 2007-1-31 上午 11:13:23
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:37 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1272
ThreadCreationTime : 2007-1-31 上午 11:13:26
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright c 2002
OriginalFilename : SMAgent.exe

#:38 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1432
ThreadCreationTime : 2007-1-31 上午 11:13:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:39 [ulcdrsvr.exe]
FilePath : C:\Program Files\Common Files\Ulead Systems\DVD\
ProcessID : 1212
ThreadCreationTime : 2007-1-31 上午 11:13:27
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : Ulead Systems ULCDRSvr
CompanyName : Ulead Systems, Inc.
FileDescription : ULCDRSvr
InternalName : ULCDRSvr
LegalCopyright : Copyright c 2002 Ulead Systems, Inc.
OriginalFilename : ULCDRSvr.exe

#:40 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 992
ThreadCreationTime : 2007-1-31 上午 11:13:27
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:41 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2444
ThreadCreationTime : 2007-1-31 上午 11:13:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftR WindowsR Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:42 [yahoom~1.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 4008
ThreadCreationTime : 2007-1-31 上午 11:23:57
BasePriority : Normal
FileVersion : 8,1,0,209
ProductVersion : 8,1,0,209
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.

#:43 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2736
ThreadCreationTime : 2007-1-31 上午 11:24:48
BasePriority : Normal


#:44 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 2032
ThreadCreationTime : 2007-1-31 下午 02:48:36
BasePriority : Normal


#:45 [isamonitor.exe]
FilePath : C:\Program Files\Video ActiveX Object\
ProcessID : 972
ThreadCreationTime : 2007-1-31 下午 03:35:42
BasePriority : Normal


#:46 [isamini.exe]
FilePath : C:\Program Files\Video ActiveX Object\
ProcessID : 3268
ThreadCreationTime : 2007-1-31 下午 04:43:42
BasePriority : Normal


Win32.Trojandownloader.Zlob Object Recognized!
Type : Process
Data : isamini.exe
TAC Rating : 10
Category : Malware
Comment : isamini.exe.dmp
Object : C:\Program Files\Video ActiveX Object\


Warning! Win32.Trojandownloader.Zlob Object found in memory(C:\Program Files\Video ActiveX Object\isamini.exe)

"C:\Program Files\Video ActiveX Object\isamini.exe"Process terminated successfully
"C:\Program Files\Video ActiveX Object\isamini.exe"Process terminated successfully

#:47 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2728
ThreadCreationTime : 2007-1-31 下午 05:09:06
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright c Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 65
Sevalle
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 66


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@edge.ru4[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:騰光@edge.ru4.com/
Expires : 2035-12-10 下午 08:42:34
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@vdn.valuead[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:36
Value : Cookie:騰光@vdn.valuead.com/
Expires : 2021-1-1 上午 08:00:00
LastSync : Hits:36
UseCount : 0
Hits : 36

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@valuecommerce[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:騰光@valuecommerce.com/
Expires : 2008-5-27 上午 12:25:24
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@statcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:騰光@statcounter.com/
Expires : 2011-1-8 下午 07:49:28
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@centrport[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:騰光@centrport.net/
Expires : 2030-1-1 上午 08:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@e-2dj6wjk4woazkbp.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:騰光@e-2dj6wjk4woazkbp.stats.esomniture.com/
Expires : 2010-12-16 下午 11:22:36
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:44
Value : Cookie:騰光@atdmt.com/
Expires : 2011-4-20 上午 08:00:00
LastSync : Hits:44
UseCount : 0
Hits : 44

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@real[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:154
Value : Cookie:騰光@real.com/
Expires : 2036-5-12 下午 08:18:34
LastSync : Hits:154
UseCount : 0
Hits : 154

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@media.fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:騰光@media.fastclick.net/
Expires : 2005-12-12 下午 10:52:28
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@e-2dj6wjl4kkd5chp.stats.esomniture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:騰光@e-2dj6wjl4kkd5chp.stats.esomniture.com/
Expires : 2010-12-9 上午 10:25:44
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@revsci[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:騰光@revsci.net/
Expires : 2026-3-21 下午 05:02:30
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:騰光@zedo.com/
Expires : 2015-6-12 下午 02:54:56
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@buycom.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:騰光@buycom.122.2o7.net/
Expires : 2010-12-16 下午 11:43:24
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:騰光@casalemedia.com/
Expires : 2007-4-24 下午 08:43:36
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:騰光@advertising.com/
Expires : 2011-5-9 上午 12:29:26
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:騰光@mediaplex.com/
Expires : 2009-6-22 上午 08:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@ads.pointroll[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:32
Value : Cookie:騰光@ads.pointroll.com/
Expires : 2010-1-1 上午 08:00:00
LastSync : Hits:32
UseCount : 0
Hits : 32

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:33
Value : Cookie:騰光@z1.adserver.com/
Expires : 2007-5-22 下午 07:09:30
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@ehg-channelwave.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:騰光@ehg-channelwave.hitbox.com/
Expires : 2006-12-17 下午 11:48:26
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:騰光@ads.addynamix.com/
Expires : 2006-5-15 下午 09:07:50
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@apmebf[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:騰光@apmebf.com/
Expires : 2010-12-16 下午 11:47:22
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@counter.hitslink[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:騰光@counter.hitslink.com/
Expires : 2038-1-18 下午 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:19
Value : Cookie:騰光@as-us.falkag.net/
Expires : 2006-12-6 上午 12:47:08
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@msnportal.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:31
Value : Cookie:騰光@msnportal.112.2o7.net/
Expires : 2011-3-25 下午 01:43:32
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@stat.onestat[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:騰光@stat.onestat.com/
Expires : 2016-1-9 上午 08:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@maxserving[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:騰光@maxserving.com/
Expires : 2015-6-12 下午 02:55:48
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@e-2dj6wjl4gmd5eap.stats.esomniture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:騰光@e-2dj6wjl4gmd5eap.stats.esomniture.com/
Expires : 2010-12-9 上午 10:26:28
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@rotator.adjuggler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:騰光@rotator.adjuggler.com/
Expires : 2017-1-25 下午 01:19:38
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:35
Value : Cookie:騰光@serving-sys.com/
Expires : 2038-1-1 上午 06:00:00
LastSync : Hits:35
UseCount : 0
Hits : 35

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:騰光@perf.overture.com/
Expires : 2010-4-19 上午 01:38:42
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@ehg-kodak.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:騰光@ehg-kodak.hitbox.com/
Expires : 2006-3-25 下午 03:16:08
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:騰光@tribalfusion.com/
Expires : 2038-1-1 上午 08:00:00
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:騰光@bluestreak.com/
Expires : 2015-6-12 上午 10:53:12
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:騰光@questionmarket.com/
Expires : 2007-10-1 下午 12:09:06
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:騰光@data.coremetrics.com/
Expires : 2020-12-16 下午 11:42:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:169
Value : Cookie:騰光@doubleclick.net/
Expires : 2009-4-26 上午 12:45:56
LastSync : Hits:169
UseCount : 0
Hits : 169

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@statse.webtrendslive[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:騰光@statse.webtrendslive.com/
Expires : 2015-12-15 下午 11:47:52
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@trafic[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:騰光@trafic.ro/
Expires : 2037-1-11 下午 10:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:騰光@hitbox.com/
Expires : 2006-12-17 下午 11:48:26
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@servedby.advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:騰光@servedby.advertising.com/
Expires : 2007-5-10 上午 12:29:28
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 騰光@highbeam.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:騰光@highbeam.122.2o7.net/
Expires : 2011-2-18 下午 04:50:16
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 41
Objects found so far: 107



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 107


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 107


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 107


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 107


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 107




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : videoaxobject.chl

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security
Value : Path

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security
Value : Removable

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security
Value : 65005

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\internet security
Value : 65007

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\video activex object

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\video activex object
Value : DisplayName

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\video activex object
Value : UninstallString

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\video activex object
Value : DisplayIcon

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\video activex object
Value : DisplayVersion

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\video activex object
Value : URLInfoAbout

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\video activex object
Value : Publisher

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\internet security add-on

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\internet security add-on
Value : UninstallString

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\internet explorer security plugin 2006

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\internet explorer security plugin 2006
Value : UninstallString

Win32.Trojandownloader.Zlob Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : Win32.Trojandownloader.Zlob
Object : C:\Program Files\Video ActiveX Object

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 125

上午 01:29:03 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:45.859
Objects scanned:246130
Objects identified:61
Objects ignored:0
New critical objects:61
Sevalle
By the way, I quarantined the infected files... does this help?... And when I click OK, Ad-Aware tries to delete the files, but it wasn't successful; it recommended that they be deleted after the next reboot.