Avira AntiVir Personal Report file date: samedi 17 mai 2008 05:31 Scanning for 1276115 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: Malekal_morte Computer name: PROUTCOMPUTER Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 18:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 17:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 17:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 17:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:08:58 ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 10:34:32 ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17/05/2008 10:34:33 Engineversion : 8.1.0.46 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 18:58:21 AESCRIPT.DLL : 8.1.0.33 266618 Bytes 17/05/2008 10:35:07 AESCN.DLL : 8.1.0.18 119156 Bytes 17/05/2008 10:35:03 AERDL.DLL : 8.1.0.20 418165 Bytes 11/05/2008 11:13:30 AEPACK.DLL : 8.1.1.5 364918 Bytes 17/05/2008 10:35:01 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 11/05/2008 11:13:28 AEHEUR.DLL : 8.1.0.29 1253750 Bytes 17/05/2008 10:34:49 AEHELP.DLL : 8.1.0.14 115063 Bytes 11/05/2008 11:13:25 AEGEN.DLL : 8.1.0.21 303477 Bytes 17/05/2008 10:34:38 AEEMU.DLL : 8.1.0.6 430451 Bytes 11/05/2008 11:13:23 AECORE.DLL : 8.1.0.29 168311 Bytes 17/05/2008 10:34:34 AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/01/2008 02:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 19:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 22:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 24/01/2008 02:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 17:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 17:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 02:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/01/2008 02:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 21:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 23:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 21:02:11 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, A:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 17 mai 2008 05:31 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'HijackThis.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'A:\' [INFO] In the drive 'A:\' no data medium is inserted! Starting to scan the registry. C:\WINDOWS\system32\nnnkiFWN.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] C:\WINDOWS\system32\WinCtrl32.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] The registry was scanned ( '28' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Malekal_morte\Local Settings\Temp\A11-tmpaoi.exe [DETECTION] Is the Trojan horse TR/Dldr.Peregar.CG [NOTE] The file was moved to '485fd08c.qua'! C:\Documents and Settings\Malekal_morte\Local Settings\Temp\A16-tmpaASI.eXE [DETECTION] Is the Trojan horse TR/Dldr.Peregar.CG [NOTE] The file was moved to '4864d08d.qua'! C:\Documents and Settings\Malekal_morte\Local Settings\Temp\stdcons.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '4892d0d0.qua'! C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\msetup[1].exe [DETECTION] Is the Trojan horse TR/Dldr.Agent.NEP [NOTE] The file was moved to '4893d0db.qua'! C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\setup[1].exe [DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen [NOTE] The file was moved to '48a2d0ce.qua'! C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\setup[2].exe [DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen [NOTE] The file was moved to '48a2d0cf.qua'! C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\codecbest1000[1].exe [DETECTION] Contains detection pattern of the dropper DR/Dldr.DNSChanger.Gen [NOTE] The file was moved to '4892d0da.qua'! C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\ldr[1].exe [0] Archive type: GZ --> ldr[1] [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '48a0d0d3.qua'! C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\ldr[2].exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '490f4144.qua'! C:\WINDOWS\ponsaplu.dll [DETECTION] Is the Trojan horse TR/Dldr.Peregar.CG.1 [NOTE] The file was moved to '489cd118.qua'! C:\WINDOWS\zoply.dll [DETECTION] Is the Trojan horse TR/Dldr.Peregar.CG.1 [NOTE] The file was moved to '489ed11c.qua'! C:\WINDOWS\system32\nnnkiFWN.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] C:\WINDOWS\system32\ntos.exe [WARNING] The file could not be opened! C:\WINDOWS\system32\WinCtrl32.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] C:\WINDOWS\system32\drivers\nfO08.sys [WARNING] The file could not be opened! Begin scan in 'A:\' Search path A:\ could not be opened! The device is not ready. Begin scan in 'D:\' Search path D:\ could not be opened! The device is not ready. End of the scan: samedi 17 mai 2008 05:39 Used time: 07:53 min The scan has been done completely. 787 Scanning directories 32140 Files were scanned 15 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 11 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 32125 Files not concerned 309 Archives were scanned 7 Warnings 11 Notes