Avira Free Antivirus Report file date: 28 marca 2012 15:44 Scanning for 3544225 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - Free Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Dodatek Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : Administrator Computer name : KOMPUTER Version information: BUILD.DAT : 12.0.0.898 41963 Bytes 2012-01-31 14:50:00 AVSCAN.EXE : 12.1.0.20 492496 Bytes 2012-01-31 06:56:54 AVSCAN.DLL : 12.1.0.18 54224 Bytes 2012-01-31 06:57:27 LUKE.DLL : 12.1.0.19 68304 Bytes 2012-01-31 06:57:02 AVSCPLR.DLL : 12.1.0.22 99848 Bytes 2012-03-28 13:42:12 AVREG.DLL : 12.1.0.29 227848 Bytes 2012-03-28 13:42:12 VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 13:42:12 VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 13:42:12 VBASE002.VDF : 7.11.19.170 14374912 Bytes 2011-12-20 13:42:13 VBASE003.VDF : 7.11.21.238 4472832 Bytes 2012-02-01 13:42:13 VBASE004.VDF : 7.11.26.44 4329472 Bytes 2012-03-28 13:42:13 VBASE005.VDF : 7.11.26.45 2048 Bytes 2012-03-28 13:42:13 VBASE006.VDF : 7.11.26.46 2048 Bytes 2012-03-28 13:42:13 VBASE007.VDF : 7.11.26.47 2048 Bytes 2012-03-28 13:42:13 VBASE008.VDF : 7.11.26.48 2048 Bytes 2012-03-28 13:42:13 VBASE009.VDF : 7.11.26.49 2048 Bytes 2012-03-28 13:42:13 VBASE010.VDF : 7.11.26.50 2048 Bytes 2012-03-28 13:42:13 VBASE011.VDF : 7.11.26.51 2048 Bytes 2012-03-28 13:42:13 VBASE012.VDF : 7.11.26.52 2048 Bytes 2012-03-28 13:42:13 VBASE013.VDF : 7.11.26.53 2048 Bytes 2012-03-28 13:42:13 VBASE014.VDF : 7.11.26.54 2048 Bytes 2012-03-28 13:42:13 VBASE015.VDF : 7.11.26.55 2048 Bytes 2012-03-28 13:42:13 VBASE016.VDF : 7.11.26.56 2048 Bytes 2012-03-28 13:42:13 VBASE017.VDF : 7.11.26.57 2048 Bytes 2012-03-28 13:42:13 VBASE018.VDF : 7.11.26.58 2048 Bytes 2012-03-28 13:42:13 VBASE019.VDF : 7.11.26.59 2048 Bytes 2012-03-28 13:42:13 VBASE020.VDF : 7.11.26.60 2048 Bytes 2012-03-28 13:42:13 VBASE021.VDF : 7.11.26.61 2048 Bytes 2012-03-28 13:42:13 VBASE022.VDF : 7.11.26.62 2048 Bytes 2012-03-28 13:42:13 VBASE023.VDF : 7.11.26.63 2048 Bytes 2012-03-28 13:42:13 VBASE024.VDF : 7.11.26.64 2048 Bytes 2012-03-28 13:42:13 VBASE025.VDF : 7.11.26.65 2048 Bytes 2012-03-28 13:42:13 VBASE026.VDF : 7.11.26.66 2048 Bytes 2012-03-28 13:42:13 VBASE027.VDF : 7.11.26.67 2048 Bytes 2012-03-28 13:42:13 VBASE028.VDF : 7.11.26.68 2048 Bytes 2012-03-28 13:42:13 VBASE029.VDF : 7.11.26.69 2048 Bytes 2012-03-28 13:42:13 VBASE030.VDF : 7.11.26.70 2048 Bytes 2012-03-28 13:42:13 VBASE031.VDF : 7.11.26.72 2048 Bytes 2012-03-28 13:42:13 Engineversion : 8.2.10.28 AEVDF.DLL : 8.1.2.2 106868 Bytes 2012-03-28 13:42:12 AESCRIPT.DLL : 8.1.4.13 442746 Bytes 2012-03-28 13:42:12 AESCN.DLL : 8.1.8.2 131444 Bytes 2012-03-28 13:42:12 AESBX.DLL : 8.2.5.5 606579 Bytes 2012-03-28 13:42:12 AERDL.DLL : 8.1.9.15 639348 Bytes 2012-03-28 13:42:12 AEPACK.DLL : 8.2.16.7 803190 Bytes 2012-03-28 13:42:12 AEOFFICE.DLL : 8.1.2.25 201084 Bytes 2012-03-28 13:42:12 AEHEUR.DLL : 8.1.4.8 4514165 Bytes 2012-03-28 13:42:12 AEHELP.DLL : 8.1.19.0 254327 Bytes 2012-03-28 13:42:12 AEGEN.DLL : 8.1.5.23 409973 Bytes 2012-03-28 13:42:11 AEEXP.DLL : 8.1.0.25 74101 Bytes 2012-03-28 13:42:11 AEEMU.DLL : 8.1.3.0 393589 Bytes 2012-03-28 13:42:11 AECORE.DLL : 8.1.25.6 201078 Bytes 2012-03-28 13:42:11 AEBB.DLL : 8.1.1.0 53618 Bytes 2012-03-28 13:42:11 AVWINLL.DLL : 12.1.0.17 27344 Bytes 2012-01-31 06:56:55 AVPREF.DLL : 12.1.0.17 51920 Bytes 2012-01-31 06:56:53 AVREP.DLL : 12.1.0.17 179208 Bytes 2012-03-28 13:42:12 AVARKT.DLL : 12.1.0.23 209360 Bytes 2012-01-31 06:56:49 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 2012-01-31 06:56:50 SQLITE3.DLL : 3.7.0.0 398288 Bytes 2012-01-31 06:57:08 AVSMTP.DLL : 12.1.0.17 62928 Bytes 2012-01-31 06:56:54 NETNT.DLL : 12.1.0.17 17104 Bytes 2012-01-31 06:57:04 RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 2012-01-31 06:57:30 RCTEXT.DLL : 12.1.1.16 96208 Bytes 2012-01-31 06:57:30 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: default Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: extended Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Start of the scan: 28 marca 2012 15:44 Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! Master boot sector HD4 [INFO] No virus was found! Master boot sector HD5 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting search for hidden objects. Hidden thread [NOTE] A system thread is not visible. Hidden thread [NOTE] A system thread is not visible. Hidden driver [NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts. The scan of running processes will be started Scan process 'rsmsink.exe' - '28' Module(s) have been scanned Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '60' Module(s) have been scanned Scan process 'dllhost.exe' - '46' Module(s) have been scanned Scan process 'vssvc.exe' - '49' Module(s) have been scanned Scan process 'avscan.exe' - '63' Module(s) have been scanned Scan process 'avshadow.exe' - '25' Module(s) have been scanned Scan process 'avguard.exe' - '61' Module(s) have been scanned Scan process 'avcenter.exe' - '92' Module(s) have been scanned Scan process 'firefox2.exe' - '89' Module(s) have been scanned Scan process 'WVPNMonitor.exe' - '67' Module(s) have been scanned Scan process 'rundll32.exe' - '37' Module(s) have been scanned Scan process 'avgnt.exe' - '60' Module(s) have been scanned Scan process 'jusched.exe' - '43' Module(s) have been scanned Scan process 'ConnecteSupport.exe' - '39' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '23' Module(s) have been scanned Scan process 'alg.exe' - '33' Module(s) have been scanned Scan process 'svchost.exe' - '42' Module(s) have been scanned Scan process 'jqs.exe' - '83' Module(s) have been scanned Scan process 'Connect.exe' - '51' Module(s) have been scanned Scan process 'ATService.exe' - '25' Module(s) have been scanned Scan process 'sched.exe' - '38' Module(s) have been scanned Scan process 'Explorer.EXE' - '122' Module(s) have been scanned Scan process 'spoolsv.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '41' Module(s) have been scanned Scan process 'svchost.exe' - '43' Module(s) have been scanned Scan process 'svchost.exe' - '163' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'svchost.exe' - '52' Module(s) have been scanned Scan process 'lsass.exe' - '58' Module(s) have been scanned Scan process 'services.exe' - '35' Module(s) have been scanned Scan process 'winlogon.exe' - '65' Module(s) have been scanned Scan process 'csrss.exe' - '12' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting to scan executable files (registry). The registry was scanned ( '1069' files ). Starting the file scan: Begin scan in 'C:\' C:\Documents and Settings\Administrator\Moje dokumenty\GoD\iGoD.exe [DETECTION] Is the TR/VKHost.apy Trojan C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SweetIM34.zip [DETECTION] Contains suspicious code GEN/PwdZIP C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SweetIM36.zip [DETECTION] Contains suspicious code GEN/PwdZIP C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SweetIM62.zip [DETECTION] Contains suspicious code GEN/PwdZIP C:\Program Files\Wru\Wru.exe [DETECTION] Is the TR/Drop.Agent.twa.18 Trojan Beginning disinfection: C:\Program Files\Wru\Wru.exe [DETECTION] Is the TR/Drop.Agent.twa.18 Trojan [NOTE] The file was moved to the quarantine directory under the name '4d1a8045.qua'. C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SweetIM62.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to the quarantine directory under the name '55bdafff.qua'. C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SweetIM36.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to the quarantine directory under the name '07e2f517.qua'. C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SweetIM34.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to the quarantine directory under the name '61d5bad5.qua'. C:\Documents and Settings\Administrator\Moje dokumenty\GoD\iGoD.exe [DETECTION] Is the TR/VKHost.apy Trojan [NOTE] The file could not be copied to quarantine! [NOTE] The file does not exist! End of the scan: 28 marca 2012 16:43 Used time: 49:59 Minute(s) The scan has been done completely. 9357 Scanned directories 514766 Files were scanned 2 Viruses and/or unwanted programs were found 3 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 4 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 514761 Files not concerned 11001 Archives were scanned 0 Warnings 8 Notes 495118 Objects were scanned with rootkit scan 3 Hidden objects were found