ArchiveData(auto-quarantine- 2005-07-23 21-30-21.bckp)
Referencefile : SE1R56 21.07.2005
======================================================

MRU LIST
换换换换换换换换换换换换换换换换换换换
obj[0]=MRU RegReference : S-1-5-21-576486455-1527494283-822456451-1008\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
obj[1]=MRU RegReference : S-1-5-21-576486455-1527494283-822456451-1008\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[2]=MRU RegReference : S-1-5-21-576486455-1527494283-822456451-1008\software\microsoft\windows\currentversion\explorer\recentdocs\.txt

MALWARE.TOPANTISPYWARE
换换换换换换换换换换换换换换换换换换换
obj[3]=Regkey : interface\{27ed4ac2-b6d8-4079-9831-017a100b391e}
obj[4]=Regkey : interface\{3f6d6c35-fb73-45e6-9473-bb4cc25ce019}
obj[5]=Regkey : interface\{715d709b-2b10-42fa-a069-297d25d93601}
obj[6]=Regkey : interface\{872c1b1e-3cf0-4d3a-95e5-a0c662d2854c}
obj[7]=Regkey : interface\{886b1d08-b404-40f0-aa18-4e416682a2e9}
obj[8]=Regkey : interface\{8b5f65cf-0b0a-4291-8da2-86d7f7b0a6db}
obj[9]=Regkey : interface\{925b0211-a1c1-4712-8fca-5f5b8101736d}
obj[10]=Regkey : interface\{b01e37c4-5497-4d58-9ffd-d5653b8dc866}
obj[11]=Regkey : interface\{ccaa201c-c48d-48a8-a1e8-846562cbf1c1}
obj[12]=Regkey : interface\{d483521b-d5cc-43ff-a45a-9be4a8e6606e}
obj[13]=Regkey : interface\{ed2aff47-b7be-4273-a203-c796e87f72d2}
obj[14]=Regkey : interface\{f0fa7ed9-5a0a-4374-b63e-bebafd52192e}
obj[15]=Regkey : interface\{f5dee77c-87eb-4e00-bbf9-8cbf3bdea7af}
obj[16]=Regkey : interface\{fb5ddab7-6aa5-4e97-9541-5a75addf4aba}
obj[17]=Regkey : interface\{fddf521b-0ebe-4d15-838c-73e2d851161b}
obj[18]=Regkey : interface\{ff609434-eb47-481b-ba0e-1d2b467629a5}
obj[19]=Regkey : typelib\{60f94d7d-563e-4942-b5ec-2de9c135c139}
obj[25]=Regkey : appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}
obj[26]=Regkey : software\microsoft\internet explorer\desktop\components\0
obj[27]=RegValue : software\microsoft\internet explorer\desktop\components\0 "SubscribedURL"
obj[28]=RegValue : software\microsoft\internet explorer\desktop\components\0 "FriendlyName"
obj[29]=RegValue : software\microsoft\internet explorer\desktop\components\0 "Flags"
obj[30]=RegValue : software\microsoft\internet explorer\desktop\components\0 "Position"
obj[31]=RegValue : software\microsoft\internet explorer\desktop\components\0 "CurrentState"
obj[32]=RegValue : software\microsoft\internet explorer\desktop\components\0 "OriginalStateInfo"
obj[33]=RegValue : software\microsoft\internet explorer\desktop\components\0 "RestoredStateInfo"
obj[34]=Regkey : software\microsoft\downloadmanager
obj[35]=File : C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP267\A0056884.exe
obj[36]=File : C:\Documents and Settings\Paul\Application Data\microsoft\internet explorer\Desktop.htt

POSSIBLE BROWSER HIJACK ATTEMPT
换换换换换换换换换换换换换换换换换换换
obj[20]=RegData : S-1-5-21-576486455-1527494283-822456451-1008\Software\Microsoft\Internet Explorer\Main "Default_Search_URL"
obj[21]=RegData : S-1-5-21-576486455-1527494283-822456451-1008\Software\Microsoft\Internet Explorer\Main "Local Page"
obj[22]=RegData : S-1-5-21-576486455-1527494283-822456451-1008\Software\Microsoft\Internet Explorer\Search "SearchAssistant"
obj[23]=RegData : S-1-5-21-576486455-1527494283-822456451-1008\Software\Microsoft\Internet Explorer\Search "CustomizeSearch"
obj[24]=RegData : S-1-5-21-576486455-1527494283-822456451-1008\Software\Microsoft\Internet Explorer\SearchURL ""