Avira Free Antivirus Report file date: 19 marca 2012 11:26 Scanning for 3569307 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - Free Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows 7 Windows version : (Service Pack 1) [6.1.7601] Boot mode : Normally booted Username : SYSTEM Computer name : MARCIN-KOMPUTER Version information: BUILD.DAT : 12.0.0.898 41963 Bytes 2012-01-31 14:50:00 AVSCAN.EXE : 12.1.0.20 492496 Bytes 2012-02-15 09:44:17 AVSCAN.DLL : 12.1.0.18 54224 Bytes 2012-02-15 09:44:17 LUKE.DLL : 12.1.0.19 68304 Bytes 2012-02-15 09:44:17 AVSCPLR.DLL : 12.1.0.22 100048 Bytes 2012-02-15 09:44:17 AVREG.DLL : 12.1.0.29 228048 Bytes 2012-02-15 09:44:17 VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 23:33:08 VBASE002.VDF : 7.11.19.170 14374912 Bytes 2011-12-20 18:41:22 VBASE003.VDF : 7.11.21.238 4472832 Bytes 2012-02-01 18:41:23 VBASE004.VDF : 7.11.21.239 2048 Bytes 2012-02-01 18:41:23 VBASE005.VDF : 7.11.21.240 2048 Bytes 2012-02-01 18:41:23 VBASE006.VDF : 7.11.21.241 2048 Bytes 2012-02-01 18:41:23 VBASE007.VDF : 7.11.21.242 2048 Bytes 2012-02-01 18:41:23 VBASE008.VDF : 7.11.21.243 2048 Bytes 2012-02-01 18:41:23 VBASE009.VDF : 7.11.21.244 2048 Bytes 2012-02-01 18:41:23 VBASE010.VDF : 7.11.21.245 2048 Bytes 2012-02-01 18:41:23 VBASE011.VDF : 7.11.21.246 2048 Bytes 2012-02-01 18:41:23 VBASE012.VDF : 7.11.21.247 2048 Bytes 2012-02-01 18:41:23 VBASE013.VDF : 7.11.22.33 1486848 Bytes 2012-02-03 18:41:23 VBASE014.VDF : 7.11.22.56 687616 Bytes 2012-02-03 18:41:23 VBASE015.VDF : 7.11.22.92 178176 Bytes 2012-02-06 18:41:23 VBASE016.VDF : 7.11.22.154 144896 Bytes 2012-02-08 18:41:23 VBASE017.VDF : 7.11.22.220 183296 Bytes 2012-02-13 19:58:12 VBASE018.VDF : 7.11.23.34 202752 Bytes 2012-02-15 09:43:59 VBASE019.VDF : 7.11.23.98 126464 Bytes 2012-02-17 12:28:36 VBASE020.VDF : 7.11.23.150 148480 Bytes 2012-02-20 10:35:25 VBASE021.VDF : 7.11.23.224 172544 Bytes 2012-02-23 12:08:25 VBASE022.VDF : 7.11.24.52 219648 Bytes 2012-02-28 12:23:54 VBASE023.VDF : 7.11.24.152 165888 Bytes 2012-03-05 20:22:21 VBASE024.VDF : 7.11.24.204 177664 Bytes 2012-03-07 20:27:56 VBASE025.VDF : 7.11.25.30 245248 Bytes 2012-03-12 09:23:35 VBASE026.VDF : 7.11.25.121 252416 Bytes 2012-03-15 09:23:42 VBASE027.VDF : 7.11.25.122 2048 Bytes 2012-03-15 09:23:42 VBASE028.VDF : 7.11.25.123 2048 Bytes 2012-03-15 09:23:42 VBASE029.VDF : 7.11.25.124 2048 Bytes 2012-03-15 09:23:42 VBASE030.VDF : 7.11.25.125 2048 Bytes 2012-03-15 09:23:42 VBASE031.VDF : 7.11.25.142 71680 Bytes 2012-03-16 09:30:59 Engineversion : 8.2.10.24 AEVDF.DLL : 8.1.2.2 106868 Bytes 2011-12-15 14:00:10 AESCRIPT.DLL : 8.1.4.10 455035 Bytes 2012-03-16 09:24:13 AESCN.DLL : 8.1.8.2 131444 Bytes 2012-02-09 18:47:31 AESBX.DLL : 8.2.5.5 606579 Bytes 2012-03-15 09:23:46 AERDL.DLL : 8.1.9.15 639348 Bytes 2011-12-14 23:32:23 AEPACK.DLL : 8.2.16.5 803190 Bytes 2012-03-07 20:29:58 AEOFFICE.DLL : 8.1.2.25 201084 Bytes 2012-02-09 18:46:21 AEHEUR.DLL : 8.1.4.7 4501878 Bytes 2012-03-17 09:32:29 AEHELP.DLL : 8.1.19.0 254327 Bytes 2012-02-09 18:42:24 AEGEN.DLL : 8.1.5.23 409973 Bytes 2012-03-07 20:28:29 AEEXP.DLL : 8.1.0.25 74101 Bytes 2012-03-16 09:24:14 AEEMU.DLL : 8.1.3.0 393589 Bytes 2011-12-14 23:32:19 AECORE.DLL : 8.1.25.6 201078 Bytes 2012-03-16 09:23:44 AEBB.DLL : 8.1.1.0 53618 Bytes 2011-12-14 23:32:19 AVWINLL.DLL : 12.1.0.17 27344 Bytes 2011-12-15 14:00:16 AVPREF.DLL : 12.1.0.17 51920 Bytes 2011-12-15 14:00:12 AVREP.DLL : 12.1.0.17 179408 Bytes 2011-12-15 14:00:13 AVARKT.DLL : 12.1.0.23 209360 Bytes 2012-02-15 09:44:17 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 2011-12-15 14:00:12 SQLITE3.DLL : 3.7.0.0 398288 Bytes 2011-12-15 14:00:24 AVSMTP.DLL : 12.1.0.17 62928 Bytes 2011-12-15 14:00:14 NETNT.DLL : 12.1.0.17 17104 Bytes 2011-12-15 14:00:21 RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 2011-12-15 14:00:34 RCTEXT.DLL : 12.1.1.16 96208 Bytes 2011-12-15 14:00:34 Configuration settings for the scan: Jobname.............................: AVGuardAsyncScan Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f670771\guard_slideup.avp Logging.............................: default Primary action......................: repair Secondary action....................: quarantine Scan master boot sector.............: on Scan boot sector....................: off Process scan........................: on Scan registry.......................: off Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: Complete Deviating risk categories...........: +APPL,+JOKE,+PCK,+PFS,+SPR, Start of the scan: 19 marca 2012 11:26 Starting search for hidden objects. c:\windows\$ntuninstallkb34655$\195809264 c:\windows\$ntuninstallkb34655$\195809264 [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\@ c:\windows\$ntuninstallkb34655$\558474774\@ [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\cfg.ini c:\windows\$ntuninstallkb34655$\558474774\cfg.ini [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\desktop.ini c:\windows\$ntuninstallkb34655$\558474774\desktop.ini [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\twl.dll c:\windows\$ntuninstallkb34655$\558474774\twl.dll [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\version c:\windows\$ntuninstallkb34655$\558474774\version [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\l\xadqgnnk c:\windows\$ntuninstallkb34655$\558474774\l\xadqgnnk [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\u\00000001.@ c:\windows\$ntuninstallkb34655$\558474774\u\00000001.@ [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\u\00000002.@ c:\windows\$ntuninstallkb34655$\558474774\u\00000002.@ [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\u\00000004.@ c:\windows\$ntuninstallkb34655$\558474774\u\00000004.@ [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\u\80000000.@ c:\windows\$ntuninstallkb34655$\558474774\u\80000000.@ [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\u\80000004.@ c:\windows\$ntuninstallkb34655$\558474774\u\80000004.@ [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774\u\80000032.@ c:\windows\$ntuninstallkb34655$\558474774\u\80000032.@ [NOTE] The file is not visible. c:\windows\$ntuninstallkb34655$\558474774 c:\windows\$ntuninstallkb34655$\558474774 [NOTE] The directory is not visible. c:\windows\$ntuninstallkb34655$\558474774\l c:\windows\$ntuninstallkb34655$\558474774\l [NOTE] The directory is not visible. c:\windows\$ntuninstallkb34655$\558474774\u c:\windows\$ntuninstallkb34655$\558474774\u [NOTE] The directory is not visible. Hidden thread [NOTE] A system thread is not visible. Hidden thread [NOTE] A system thread is not visible. ntdll.dll C:\Windows\system32\ntdll.dll [NOTE] The module is not visible ntdll.dll Hidden thread [NOTE] A system thread is not visible. Hidden driver [NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts. c:\windows\system32\ping.exe c:\windows\system32\ping.exe [NOTE] The process is not visible. The scan of running processes will be started Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'taskhost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'vssvc.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'OTL.exe' - '1' Module(s) have been scanned Scan process 'conhost.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned Scan process 'CCC.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'SRSPremiumPanel.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'Updater.exe' - '1' Module(s) have been scanned Scan process 'MOM.exe' - '1' Module(s) have been scanned Scan process 'issch.exe' - '1' Module(s) have been scanned Scan process 'VDECK.EXE' - '1' Module(s) have been scanned Scan process 'ETDCtrl.exe' - '1' Module(s) have been scanned Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned Scan process 'conhost.exe' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'Fuel.Service.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'HPSIsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'AMD Reservation Manager.exe' - '1' Module(s) have been scanned Scan process 'NetworkLicenseServer.exe' - '1' Module(s) have been scanned Scan process 'WDC.exe' - '1' Module(s) have been scanned Scan process 'KBFiltr.exe' - '1' Module(s) have been scanned Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned Scan process 'HControl.exe' - '1' Module(s) have been scanned Scan process 'ATKOSD2.exe' - '1' Module(s) have been scanned Scan process 'AmIcoSinglun.exe' - '1' Module(s) have been scanned Scan process 'DMedia.exe' - '1' Module(s) have been scanned Scan process 'HControlUser.exe' - '1' Module(s) have been scanned Scan process 'ACEngSvr.exe' - '1' Module(s) have been scanned Scan process 'wcourier.exe' - '1' Module(s) have been scanned Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned Scan process 'ALU.exe' - '1' Module(s) have been scanned Scan process 'ACMON.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'Dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'taskhost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'atieclxx.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'GFNEXSrv.exe' - '1' Module(s) have been scanned Scan process 'ASLDRSrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'AUDIODG.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'atiesrxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Windows\System32\se59obex.dll' C:\Windows\System32\se59obex.dll [DETECTION] Is the TR/Sirefef.BV.2 Trojan [NOTE] The registration entry was successfully repaired. [NOTE] The registration entry was successfully repaired. [NOTE] The registration entry was successfully repaired. [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] The file could not be deleted! [NOTE] Attempting to perform action using the ARK library. [WARNING] The file could not be copied to quarantine! [WARNING] The file could not be deleted! End of the scan: 19 marca 2012 11:32 Used time: 06:21 Minute(s) The scan has been done completely. 0 Scanned directories 81 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 80 Files not concerned 0 Archives were scanned 1 Warnings 23 Notes 19478 Objects were scanned with rootkit scan 27 Hidden objects were found