Avira AntiVir Personal
Report file date: Monday, May 26, 2008 10:20

Scanning for 1292849 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PROUTCOMPUTER

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 18:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 17:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 17:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 17:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 10:34:32
ANTIVIR3.VDF : 7.0.4.95 243712 Bytes 26/05/2008 16:54:56
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 18:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 17/05/2008 10:35:07
AESCN.DLL : 8.1.0.18 119156 Bytes 17/05/2008 10:35:03
AERDL.DLL : 8.1.0.20 418165 Bytes 11/05/2008 11:13:30
AEPACK.DLL : 8.1.1.5 364918 Bytes 17/05/2008 10:35:01
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 11/05/2008 11:13:28
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 17/05/2008 10:34:49
AEHELP.DLL : 8.1.0.14 115063 Bytes 11/05/2008 11:13:25
AEGEN.DLL : 8.1.0.21 303477 Bytes 17/05/2008 10:34:38
AEEMU.DLL : 8.1.0.6 430451 Bytes 11/05/2008 11:13:23
AECORE.DLL : 8.1.0.29 168311 Bytes 17/05/2008 10:34:34
AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/01/2008 02:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 19:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 22:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 24/01/2008 02:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 17:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 02:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/01/2008 02:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 21:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 23:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 21:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, May 26, 2008 10:20

Starting search for hidden objects.
c:\windows\system32\drivers\xpx47.sys
    [INFO] The file is not visible.
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [WARNING] The file was ignored!
'21052' objects were checked, '1' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ashSimp2.exe' - '1' Module(s) have been scanned
Scan process 'spools.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'procexp.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'avgtray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'VMwareUser.exe' - '1' Module(s) have been scanned
Scan process 'VMwareTray.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'VMwareService.exe' - '1' Module(s) have been scanned
Scan process 'CbEvtSvc.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System32\CbEvtSvc.exe'
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\WinCtrl32.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\mrofinu27.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [WARNING] The file was ignored!
The registry was scanned ( '24' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Application Data\1960716034.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\LocalService\Application Data\562595360.exe
    [DETECTION] Is the Trojan horse TR/Pakes.cml
    [WARNING] The file was ignored!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K1AJK9QR\scan[1].exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LQWH5XT8\s2[1].exe
    [DETECTION] Is the Trojan horse TR/Pakes.cml
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Application Data\Microsoft\Internet Explorer\Desktop.htt
    [DETECTION] Contains detection pattern of the HTML script virus HTML/Ficticious
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\1.dllb
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\1.tmp
    [DETECTION] Is the Trojan horse TR/Pakes.cyu.7
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\2.dllb
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\2.tmp
    [DETECTION] Is the Trojan horse TR/Pakes.cyu.7
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\3.tmp
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\4.tmp
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\5.dllb
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\6.dllb
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\7.dllb
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\8.tmp
    [DETECTION] Is the Trojan horse TR/Pakes.cyu.7
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\9.tmp
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\C.tmp
    [DETECTION] Is the Trojan horse TR/Pakes.cyu.7
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\D.tmp
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\maxpaynow.game
    [DETECTION] Is the Trojan horse TR/Dldr.Tibs.WW
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\maxpaynowti.game
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\v3xd1.g22me
    [DETECTION] Is the Trojan horse TR/Dldr.Tibs.C.1
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\v4xd3.ga2me
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\v4xd6.gam5e
    [DETECTION] Is the Trojan horse TR/Peed.JJE
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\v5xd2.g3ame
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\v5xd4.ga2me
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\v6xdt4.game
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\vx1dt1.game
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\vx1dt3.game
    [DETECTION] Is the Trojan horse TR/Spy.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\vx3dt2.game
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\17PHolmes[1].cmt
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\access[1].htm
  [0] Archive type: HIDDEN
  --> FIL\\\?\C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\access[1].htm
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\found[1].exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.yw
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\video[1].exe
    [DETECTION] Is the Trojan horse TR/Dldr.Exchanger.BH
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\access[1].htm
  [0] Archive type: HIDDEN
  --> FIL\\\?\C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\access[1].htm
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\winzl2[2].exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\access[1].htm
  [0] Archive type: HIDDEN
  --> FIL\\\?\C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\access[1].htm
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\win32[1].exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\winem[1].exe
    [DETECTION] Is the Trojan horse TR/Pakes.cyu.7
    [WARNING] The file was ignored!
C:\Program Files\BraveSentry\BraveSentry.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Bravesentry.M
    [WARNING] The file was ignored!
C:\Program Files\InetGet2\sacatapo821058.exe
    [DETECTION] Contains detection pattern of the dropper DR/TTC.D
    [WARNING] The file was ignored!
C:\WINDOWS\desktop.html
    [DETECTION] Contains detection pattern of the HTML script virus HTML/Ficticious
    [WARNING] The file was ignored!
C:\WINDOWS\herjek.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.yw
    [WARNING] The file was ignored!
C:\WINDOWS\mrofinu27.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\mrofinu27.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\taskmon.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\win32ole.dll
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\xpupdate.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\CbEvtSvc.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Exchanger.BH
    [WARNING] The file was ignored!
C:\WINDOWS\system32\dllgh8jkd1q1.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\dllgh8jkd1q2.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\dllgh8jkd1q5.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\dllgh8jkd1q6.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\dllgh8jkd1q7.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\found.exe.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.yw
    [WARNING] The file was ignored!
C:\WINDOWS\system32\maxpaynow1.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\maxpaynowti.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\maxpaynowti1.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\vedxg3am1et3.exe
    [DETECTION] Is the Trojan horse TR/Spy.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\vedxg4am1et2.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\vedxg6ame4.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\vedxga1me4t1.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\vedxga3me2.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\vedxga4m1et4.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\vedxga4me1.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Tibs.C.1
    [WARNING] The file was ignored!
C:\WINDOWS\system32\vedxga5me3.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\WinCtrl32.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\WinCtrl32.dl_
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\wind32.exe
    [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\WLCtrl32.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\WLCtrl32.dl_
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\config\44177964.Evt
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [WARNING] The file was ignored!
C:\WINDOWS\system32\drivers\Ara32.sys
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\Dud43.sys
  [0] Archive type: RSRC
  --> Object
      [DETECTION] Is the Trojan horse TR/Dldr.Mutant.YQ.73
      [WARNING] The file was ignored!
C:\WINDOWS\system32\drivers\hyI54.sys
    [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\Yqa22.sys
    [WARNING] The file could not be opened!
C:\WINDOWS\Temp\BN47.tmp
    [DETECTION] Is the Trojan horse TR/Pakes.cwv
    [WARNING] The file was ignored!

End of the scan: Monday, May 26, 2008 10:52
Used time: 32:30 min

The scan has been done completely.

800 Scanning directories
32103 Files were scanned
77 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
32026 Files not concerned
309 Archives were scanned
80 Warnings
0 Notes
21052 Objects were scanned with rootkit scan
1 Hidden objects were found