Avira AntiVir Personal
Report file date: lundi 19 mai 2008 10:31

Scanning for 1279773 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Malekal_morte
Computer name: PROUTCOMPUTER

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 18:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 17:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 17:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 17:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 10:34:32
ANTIVIR3.VDF : 7.0.4.62 56320 Bytes 19/05/2008 17:19:18
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 18:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 17/05/2008 10:35:07
AESCN.DLL : 8.1.0.18 119156 Bytes 17/05/2008 10:35:03
AERDL.DLL : 8.1.0.20 418165 Bytes 11/05/2008 11:13:30
AEPACK.DLL : 8.1.1.5 364918 Bytes 17/05/2008 10:35:01
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 11/05/2008 11:13:28
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 17/05/2008 10:34:49
AEHELP.DLL : 8.1.0.14 115063 Bytes 11/05/2008 11:13:25
AEGEN.DLL : 8.1.0.21 303477 Bytes 17/05/2008 10:34:38
AEEMU.DLL : 8.1.0.6 430451 Bytes 11/05/2008 11:13:23
AECORE.DLL : 8.1.0.29 168311 Bytes 17/05/2008 10:34:34
AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/01/2008 02:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 19:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 22:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 24/01/2008 02:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 17:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 02:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/01/2008 02:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 21:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 23:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 21:02:11

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, A:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 19 mai 2008 10:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'procexp.exe' - '1' Module(s) have been scanned
Scan process 'avgtray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'VMwareUser.exe' - '1' Module(s) have been scanned
Scan process 'VMwareTray.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'VMwareService.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'A:\'
  [INFO] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
C:\WINDOWS\system32\nnnkiFWN.dll
  [DETECTION] Is the Trojan horse TR/Vundo.Gen
  [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
  [WARNING]
C:\WINDOWS\system32\WinCtrl32.dll
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
  [WARNING]
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\setup_526_1_.exe
  [DETECTION] Is the Trojan horse TR/Dldr.FraudLoad.abk
  [NOTE] The file was moved to '48a5b9df.qua'!
The registry was scanned ( '28' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\A11-tmpaoi.exe
  [DETECTION] Is the Trojan horse TR/Dldr.Peregar.CG
  [NOTE] The file was moved to '4862b9cc.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\A16-tmpaASI.eXE
  [DETECTION] Is the Trojan horse TR/Dldr.Peregar.CG
  [NOTE] The file was moved to '4867b9cd.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\mxqrf56g12.dat
  [DETECTION] Contains detection pattern of the dropper DR/Vapsup.epc.21
  [NOTE] The file was moved to '48a2ba14.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\stdcons.exe
  [DETECTION] Is the Trojan horse TR/Dropper.Gen
  [NOTE] The file was moved to '4895ba10.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\drv32[1].data
  [DETECTION] Is the Trojan horse TR/Dldr.FraudLoad.abg
  [NOTE] The file was moved to '48a7ba14.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\MK0Z9QK6\setup[1].exe
  --> Object
  [1] Archive type: RSRC
  --> Object
  [DETECTION] Is the Trojan horse TR/Dldr.Delf.hvk
  [NOTE] The file was moved to '48a5ba11.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\c-setup[1].exe
  --> Object
  [1] Archive type: RSRC
  --> Object
  [DETECTION] Is the Trojan horse TR/Dldr.Delf.hvk
  [NOTE] The file was moved to '48a4b9de.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\msetup[1].exe
  [DETECTION] Is the Trojan horse TR/Dldr.Agent.NEP
  [NOTE] The file was moved to '4896ba26.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\setup[1].exe
  [DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
  [NOTE] The file was moved to '48a5ba19.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\setup[2].exe
  [DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
  [NOTE] The file was moved to '4915c552.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\codecbest1000[1].exe
  [DETECTION] Contains detection pattern of the dropper DR/Dldr.DNSChanger.Gen
  [NOTE] The file was moved to '4895ba25.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\ldr[1].exe
  [0] Archive type: GZ
  --> ldr[1]
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '48a3ba1e.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\TS9EMJMO\ldr[2].exe
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '4913c557.qua'!
C:\WINDOWS\emxa.exe
  [DETECTION] Is the Trojan horse TR/Vapsup.fjf
  [NOTE] The file was moved to '48a9bac2.qua'!
C:\WINDOWS\mpfanvqg.dll
  [DETECTION] Is the Trojan horse TR/Vapsup.fjb
  [NOTE] The file was moved to '4897bac6.qua'!
C:\WINDOWS\oadkxrts.exe
  [DETECTION] Is the Trojan horse TR/Vapsup.fjc
  [NOTE] The file was moved to '4895bab8.qua'!
C:\WINDOWS\ponsaplu.dll
  [DETECTION] Is the Trojan horse TR/Dldr.Peregar.CG.1
  [NOTE] The file was moved to '489fbaca.qua'!
C:\WINDOWS\zoply.dll
  [DETECTION] Is the Trojan horse TR/Dldr.Peregar.CG.1
  [NOTE] The file was moved to '48a1bad1.qua'!
C:\WINDOWS\system32\nnnkiFWN.dll
  [DETECTION] Is the Trojan horse TR/Vundo.Gen
  [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
  [WARNING]
C:\WINDOWS\system32\WinCtrl32.dll
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
  [WARNING]
C:\WINDOWS\system32\WinCtrl32.dl_
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '4933dd14.qua'!
C:\WINDOWS\system32\158117\158117.dll
  [DETECTION] Is the Trojan horse TR/BHO.DM
  [NOTE] The file was moved to '4869bdbd.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89A7CDEF\vsjjxbs[1].htm
  [DETECTION] Is the Trojan horse TR/Dropper.Gen
  [NOTE] The file was moved to '489bbe03.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHIFKLMN\vfsgxkb[1].txt
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '48a4bdf7.qua'!
C:\WINDOWS\system32\drivers\nfO08.sys
  [WARNING] The file could not be opened!

Begin scan in 'A:\'
Search path A:\ could not be opened!
The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted.

Begin scan in 'D:\'
Search path D:\ could not be opened!
The device is not ready.

End of the scan: lundi 19 mai 2008 10:51
Used time: 20:06 min

The scan has been done completely.

792 Scanning directories
32190 Files were scanned
27 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
23 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
32163 Files not concerned
309 Archives were scanned
6 Warnings
23 Notes