Avira AntiVir Personal
Report file date: mercredi 14 mai 2008 05:38

Scanning for 1258665 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Malekal_morte
Computer name: PROUTCOMPUTER

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 18:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 17:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 17:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 17:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:08:58
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 11:13:18
ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 09/05/2008 11:13:19
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 18:58:21
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 11/05/2008 11:13:32
AESCN.DLL : 8.1.0.16 119156 Bytes 11/05/2008 11:13:31
AERDL.DLL : 8.1.0.20 418165 Bytes 11/05/2008 11:13:30
AEPACK.DLL : 8.1.1.4 364918 Bytes 11/05/2008 11:13:29
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 11/05/2008 11:13:28
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 11/05/2008 11:13:27
AEHELP.DLL : 8.1.0.14 115063 Bytes 11/05/2008 11:13:25
AEGEN.DLL : 8.1.0.20 299380 Bytes 11/05/2008 11:13:24
AEEMU.DLL : 8.1.0.6 430451 Bytes 11/05/2008 11:13:23
AECORE.DLL : 8.1.0.28 168310 Bytes 11/05/2008 11:13:20
AVWINLL.DLL : 1.0.0.7 14593 Bytes 24/01/2008 02:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 19:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 22:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 24/01/2008 02:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 17:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 02:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 24/01/2008 02:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 21:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 23:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 21:02:11

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, A:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 14 mai 2008 05:38

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'A:\'
  [INFO] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
C:\WINDOWS\system32\WinNt32.dll
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
  [WARNING]
C:\WINDOWS\system32\wind32.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '4898ddaf.qua'!
C:\WINDOWS\system32\maxpaynowti1.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '48a2dda7.qua'!
C:\WINDOWS\system32\maxpaynow1.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '48a2dda8.qua'!
C:\WINDOWS\taskmon.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '489ddda8.qua'!
C:\WINDOWS\mrofinu27.exe
  [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  [NOTE] The file was moved to '4899ddb9.qua'!
C:\WINDOWS\xpupdate.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '489fddb8.qua'!
C:\WINDOWS\system32\vedxg6ame4.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '488eddad.qua'!
C:\Program Files\BraveSentry\BraveSentry.exe
  [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Bravesentry.M
  [NOTE] The file was moved to '488bddba.qua'!
The registry was scanned ( '34' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\Documents and Settings\Malekal_morte\Application Data\Microsoft\Internet Explorer\Desktop.htt
  [DETECTION] Contains detection pattern of the HTML script virus HTML/Ficticious
  [NOTE] The file was moved to '489dddb9.qua'!
C:\Documents and Settings\Malekal_morte\Desktop\c-setup.exe
  [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  [NOTE] The file was moved to '489ddd83.qua'!
C:\Documents and Settings\Malekal_morte\Desktop\codecdemo1000.exe
  [DETECTION] Contains detection pattern of the dropper DR/Dldr.DNSChanger.Gen
  [NOTE] The file was moved to '488eddc5.qua'!
C:\Documents and Settings\Malekal_morte\Desktop\setup.exe
  [DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
  [NOTE] The file was moved to '489eddbd.qua'!
C:\Documents and Settings\Malekal_morte\Desktop\setup2.exe
  [DETECTION] Contains detection pattern of the dropper DR/Zlob.Gen
  [NOTE] The file was moved to '490095a6.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\1.dllb
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '488edd8b.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\11.tmp
  [DETECTION] Is the Trojan horse TR/Dropper.Gen
  [NOTE] The file was moved to '4858dd8e.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\12.tmp
  [DETECTION] Is the Trojan horse TR/Dropper.Gen
  [NOTE] The file was moved to '4858dd90.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\13.tmp
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '4858dd92.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\14.tmp
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '4858dd93.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\2.dllb
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '488edd8e.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\3.tmp
  [DETECTION] Is the Trojan horse TR/Dropper.Gen
  [NOTE] The file was moved to '489edd8e.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\4.tmp
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '489edd8f.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\5.dllb
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '488edd8f.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\6.dllb
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '49119228.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\7.dllb
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '488edd90.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\AE-tmpaASI.eXE
  [0] Archive type: OVL
  --> Object
  [DETECTION] Is the Trojan horse TR/BHO.Gen
  [NOTE] The file was moved to '4857dda7.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temp\maxpaynowti.game
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '48a2ddc4.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\17PHolmes[2].cmt
  [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  [NOTE] The file was moved to '487add9b.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\access[1].htm
  [0] Archive type: HIDDEN
  --> FIL\\\?\C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\access[1].htm
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '488dddc8.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\win32[1].exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '4898ddd5.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\7KKKCQM6\winhg[1].exe
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '4898ddd6.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\MK0Z9QK6\winrkl[1].exe
  [DETECTION] Is the Trojan horse TR/Dropper.Gen
  [NOTE] The file was moved to '4898dddc.qua'!
C:\Documents and Settings\Malekal_morte\Local Settings\Temporary Internet Files\Content.IE5\P2ZCWWUL\c-setup[1].exe
  [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
  [NOTE] The file was moved to '489ddda3.qua'!
C:\WINDOWS\desktop.html
  [DETECTION] Contains detection pattern of the HTML script virus HTML/Ficticious
  [NOTE] The file was moved to '489dde18.qua'!
C:\WINDOWS\iebho.dll
  [DETECTION] Is the Trojan horse TR/BHO.Gen
  [NOTE] The file was moved to '488cde1a.qua'!
C:\WINDOWS\win32ole.dll
  [DETECTION] Is the Trojan horse TR/Dropper.Gen
  [NOTE] The file was moved to '4898de21.qua'!
C:\WINDOWS\system32\dllgh8jkd1q1.exe
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '4896df18.qua'!
C:\WINDOWS\system32\dllgh8jkd1q2.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '4896df19.qua'!
C:\WINDOWS\system32\dllgh8jkd1q5.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '490b9f62.qua'!
C:\WINDOWS\system32\dllgh8jkd1q6.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '4896df1a.qua'!
C:\WINDOWS\system32\dllgh8jkd1q7.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '490b9f63.qua'!
C:\WINDOWS\system32\gwin32.dll
  [DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
  [NOTE] The file was moved to '4893df2c.qua'!
C:\WINDOWS\system32\maxpaynowti.exe
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '48a2df21.qua'!
C:\WINDOWS\system32\swin32.dll
  [DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
  [NOTE] The file was moved to '4893df5a.qua'!
C:\WINDOWS\system32\vedxg4am1et2.exe
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '488edf4f.qua'!
C:\WINDOWS\system32\vedxga1me4t1.exe
  [DETECTION] Contains detection pattern of the worm WORM/Zhelatin.Gen
  [NOTE] The file was moved to '488edf50.qua'!
C:\WINDOWS\system32\vedxga3me2.exe
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '49139f29.qua'!
C:\WINDOWS\system32\vedxga4me1.exe
  [DETECTION] Is the Trojan horse TR/Dldr.Tibs.C.1
  [NOTE] The file was moved to '488edf52.qua'!
C:\WINDOWS\system32\WinNt32.dll
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
  [WARNING]
C:\WINDOWS\system32\drivers\asc3550p.sys
  [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  [NOTE] The file was moved to '488ddf6e.qua'!
C:\WINDOWS\system32\drivers\Qhwm57.sys
  [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  [NOTE] The file was moved to '48a1df6a.qua'!
C:\WINDOWS\system32\drivers\Vnv43.sys
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\Wnv65.sys
  [0] Archive type: RSRC
  --> Object
  [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  [NOTE] The file was moved to '48a0df71.qua'!

Begin scan in 'A:\'
Search path A:\ could not be opened!
The device is not ready.

Begin scan in 'D:\'
Search path D:\ could not be opened!
The device is not ready.

End of the scan: mercredi 14 mai 2008 05:46
Used time: 08:08 min

The scan has been done completely.

792 Scanning directories
32436 Files were scanned
52 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
50 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
32384 Files not concerned
309 Archives were scanned
4 Warnings
50 Notes