Avira AntiVir Personal
Report file date: 15 lutego 2012 16:00

Scanning for 3463794 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Dodatek Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MONIK

Version information:
BUILD.DAT : 10.2.0.707 36070 Bytes 2012-01-25 13:11:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 2011-06-28 19:49:36
AVSCAN.DLL : 10.0.5.0 47464 Bytes 2011-06-28 19:49:36
LUKE.DLL : 10.3.0.5 45416 Bytes 2011-06-28 19:49:38
LUKERES.DLL : 10.0.0.1 12648 Bytes 2010-02-10 22:40:50
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 2011-06-28 19:49:38
AVREG.DLL : 10.3.0.9 88833 Bytes 2011-07-12 22:14:42
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 18:31:06
VBASE002.VDF : 7.11.19.170 14374912 Bytes 2011-12-20 17:44:44
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2012-02-01 17:27:34
VBASE004.VDF : 7.11.21.239 2048 Bytes 2012-02-01 17:28:18
VBASE005.VDF : 7.11.21.240 2048 Bytes 2012-02-01 17:28:18
VBASE006.VDF : 7.11.21.241 2048 Bytes 2012-02-01 17:28:18
VBASE007.VDF : 7.11.21.242 2048 Bytes 2012-02-01 17:28:18
VBASE008.VDF : 7.11.21.243 2048 Bytes 2012-02-01 17:28:18
VBASE009.VDF : 7.11.21.244 2048 Bytes 2012-02-01 17:28:18
VBASE010.VDF : 7.11.21.245 2048 Bytes 2012-02-01 17:28:18
VBASE011.VDF : 7.11.21.246 2048 Bytes 2012-02-01 17:28:18
VBASE012.VDF : 7.11.21.247 2048 Bytes 2012-02-01 17:28:18
VBASE013.VDF : 7.11.22.33 1486848 Bytes 2012-02-03 20:57:02
VBASE014.VDF : 7.11.22.56 687616 Bytes 2012-02-03 20:57:04
VBASE015.VDF : 7.11.22.92 178176 Bytes 2012-02-06 20:44:56
VBASE016.VDF : 7.11.22.154 144896 Bytes 2012-02-08 01:04:50
VBASE017.VDF : 7.11.22.220 183296 Bytes 2012-02-13 13:39:54
VBASE018.VDF : 7.11.22.221 2048 Bytes 2012-02-13 13:39:54
VBASE019.VDF : 7.11.22.222 2048 Bytes 2012-02-13 13:39:54
VBASE020.VDF : 7.11.22.223 2048 Bytes 2012-02-13 13:39:54
VBASE021.VDF : 7.11.22.224 2048 Bytes 2012-02-13 13:39:54
VBASE022.VDF : 7.11.22.225 2048 Bytes 2012-02-13 13:39:54
VBASE023.VDF : 7.11.22.226 2048 Bytes 2012-02-13 13:39:54
VBASE024.VDF : 7.11.22.227 2048 Bytes 2012-02-13 13:39:54
VBASE025.VDF : 7.11.22.228 2048 Bytes 2012-02-13 13:39:56
VBASE026.VDF : 7.11.22.229 2048 Bytes 2012-02-13 13:39:56
VBASE027.VDF : 7.11.22.230 2048 Bytes 2012-02-13 13:39:56
VBASE028.VDF : 7.11.22.231 2048 Bytes 2012-02-13 13:39:56
VBASE029.VDF : 7.11.22.232 2048 Bytes 2012-02-13 13:39:56
VBASE030.VDF : 7.11.22.233 2048 Bytes 2012-02-13 13:39:56
VBASE031.VDF : 7.11.23.26 182784 Bytes 2012-02-15 13:39:58
Engineversion : 8.2.10.2
AEVDF.DLL : 8.1.2.2 106868 Bytes 2011-10-25 21:54:46
AESCRIPT.DLL : 8.1.4.5 442745 Bytes 2012-02-10 01:05:10
AESCN.DLL : 8.1.8.2 131444 Bytes 2012-01-28 19:18:12
AESBX.DLL : 8.2.4.5 434549 Bytes 2011-12-04 11:47:48
AERDL.DLL : 8.1.9.15 639348 Bytes 2011-09-10 18:01:34
AEPACK.DLL : 8.2.16.3 799094 Bytes 2012-02-10 01:05:10
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 2011-12-31 12:30:56
AEHEUR.DLL : 8.1.3.27 4391285 Bytes 2012-02-10 01:05:06
AEHELP.DLL : 8.1.19.0 254327 Bytes 2012-01-20 14:26:04
AEGEN.DLL : 8.1.5.21 409971 Bytes 2012-02-03 20:57:10
AEEXP.DLL : 8.1.0.20 70004 Bytes 2012-02-13 12:54:40
AEEMU.DLL : 8.1.3.0 393589 Bytes 2010-11-22 11:14:56
AECORE.DLL : 8.1.25.4 201079 Bytes 2012-02-13 12:54:34
AEBB.DLL : 8.1.1.0 53618 Bytes 2010-05-06 21:36:44
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2010-01-14 11:03:40
AVPREF.DLL : 10.0.3.2 44904 Bytes 2011-06-28 19:49:36
AVREP.DLL : 10.0.0.10 174120 Bytes 2011-05-19 12:05:58
AVARKT.DLL : 10.0.26.1 255336 Bytes 2011-06-28 19:49:36
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 2011-06-28 19:49:36
SQLITE3.DLL : 3.6.19.0 355688 Bytes 2010-01-28 11:58:00
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2010-03-16 14:38:58
NETNT.DLL : 10.0.0.0 11624 Bytes 2010-02-19 13:41:02
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 2011-06-28 19:49:36
RCTEXT.DLL : 10.0.64.0 97640 Bytes 2011-06-28 19:49:36

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: 15 lutego 2012 16:00

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'taskmgr.exe' - '39' Module(s) have been scanned
Scan process 'avscan.exe' - '63' Module(s) have been scanned
Scan process 'avscan.exe' - '62' Module(s) have been scanned
Scan process '9E0.exe' - '49' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'lvvm.exe' - '48' Module(s) have been scanned
Scan process 'WDC.exe' - '29' Module(s) have been scanned
Scan process 'KBFiltr.exe' - '17' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '16' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '42' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '47' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '44' Module(s) have been scanned
Scan process 'msmsgs.exe' - '44' Module(s) have been scanned
Scan process 'ACEngSvr.exe' - '24' Module(s) have been scanned
Scan process 'RocketDock.exe' - '32' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'SearchSettings.exe' - '27' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '32' Module(s) have been scanned
Scan process 'avgnt.exe' - '52' Module(s) have been scanned
Scan process 'ACMON.exe' - '27' Module(s) have been scanned
Scan process 'Hcontrol.exe' - '45' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '23' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '20' Module(s) have been scanned
Scan process 'ASScrPro.exe' - '17' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '41' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '6' Module(s) have been scanned
Scan process 'StkCSrv.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'spmgr.exe' - '48' Module(s) have been scanned
Scan process 'PassThruSvr.exe' - '62' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '42' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '19' Module(s) have been scanned
Scan process 'jqs.exe' - '78' Module(s) have been scanned
Scan process 'DevSvc.exe' - '50' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'ACService.exe' - '20' Module(s) have been scanned
Scan process '61F51.exe' - '61' Module(s) have been scanned
Scan process 'Explorer.EXE' - '171' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'spoolsv.exe' - '57' Module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '11' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '171' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO] No virus was found!
Master boot sector HD1
    [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO] No virus was found!
Boot sector 'D:\'
    [INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1205' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Monika\Ustawienia lokalne\Temp\jar_cache2319687086396780151.tmp
    [0] Archive type: ZIP
    --> qbdsrwyrmpcvljgf/aalfawcgeatltutnamlgrvmhn.class
        [DETECTION] Contains recognition pattern of the EXP/2011-3544.BG exploit
    --> qbdsrwyrmpcvljgf/lchtddbvpayphevvq.class
        [DETECTION] Contains recognition pattern of the EXP/2010-0840.P exploit
C:\Documents and Settings\Monika\Ustawienia lokalne\Temp\jar_cache3959803673757090883.tmp
    [0] Archive type: ZIP
    --> ywvjndrhtej.class
        [DETECTION] Contains recognition pattern of the EXP/2011-3544.BH exploit
C:\Documents and Settings\Monika\Ustawienia lokalne\Temp\~!#1CA.tmp
    [DETECTION] Contains recognition pattern of the DDOS/Fareit.A.6 distributed denial of service program
C:\Documents and Settings\Monika\Ustawienia lokalne\Temporary Internet Files\Content.IE5\VU7YQOF4\22[1].exe
    [DETECTION] Is the TR/Drop.Injector.cnjv Trojan
C:\Documents and Settings\Monika\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\1aa8a1e-3ed34d41
    [DETECTION] Is the TR/Spy.ZBot.25.5 Trojan
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP470\A0090946.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP471\A0090994.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP471\A0090995.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP472\A0091215.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.100 back-door program
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP476\A0091493.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.624 back-door program
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP473\A0091258.EXE
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.222 back-door program
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP473\A0091272.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.93 back-door program
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP474\A0091325.EXE
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.120 back-door program
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091399.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.187 back-door program
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091400.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.243 back-door program
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091401.exe
    [DETECTION] Is the TR/Krypt.zmnb Trojan
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091402.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.168 back-door program
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091404.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.545 back-door program

Begin scan in 'D:\'

Beginning disinfection:
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091404.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.545 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '4c8045f1.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091402.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.168 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '54176a56.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091401.exe
    [DETECTION] Is the TR/Krypt.zmnb Trojan
    [NOTE] The file was moved to the quarantine directory under the name '064830be.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091400.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.243 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '607f7f7d.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP475\A0091399.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.187 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '25fb5243.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP474\A0091325.EXE
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.120 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '5ae06022.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP473\A0091272.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.93 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '16584c68.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP473\A0091258.EXE
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.222 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '6a400c38.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP476\A0091493.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.624 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '471a2375.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP472\A0091215.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Cycbot.G.100 back-door program
    [NOTE] The file was moved to the quarantine directory under the name '5e7218ef.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP471\A0090995.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '322e34df.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP471\A0090994.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '43970d4a.qua'.
C:\System Volume Information\_restore{605CEB4D-B008-4E2D-A6B5-296BA5D0BB3F}\RP470\A0090946.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen8 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4d8d3d8d.qua'.
C:\Documents and Settings\Monika\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\1aa8a1e-3ed34d41
    [DETECTION] Is the TR/Spy.ZBot.25.5 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '08534430.qua'.
C:\Documents and Settings\Monika\Ustawienia lokalne\Temporary Internet Files\Content.IE5\VU7YQOF4\22[1].exe
    [DETECTION] Is the TR/Drop.Injector.cnjv Trojan
    [NOTE] The file was moved to the quarantine directory under the name '0152406a.qua'.
C:\Documents and Settings\Monika\Ustawienia lokalne\Temp\~!#1CA.tmp
    [DETECTION] Contains recognition pattern of the DDOS/Fareit.A.6 distributed denial of service program
    [NOTE] The file was moved to the quarantine directory under the name '59db5932.qua'.
C:\Documents and Settings\Monika\Ustawienia lokalne\Temp\jar_cache3959803673757090883.tmp
    [DETECTION] Contains recognition pattern of the EXP/2011-3544.BH exploit
    [NOTE] The file was moved to the quarantine directory under the name '75dc203e.qua'.
C:\Documents and Settings\Monika\Ustawienia lokalne\Temp\jar_cache2319687086396780151.tmp
    [DETECTION] Contains recognition pattern of the EXP/2010-0840.P exploit
    [NOTE] The file was moved to the quarantine directory under the name '4b2240e5.qua'.

End of the scan: 15 lutego 2012 17:45
Used time: 1:42:50 Hour(s)

The scan has been done completely.

10665 Scanned directories
428882 Files were scanned
19 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
18 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
428863 Files not concerned
8731 Archives were scanned
0 Warnings
18 Notes