Avira Free Antivirus Report file date: 19 stycznia 2014 12:04 Scanning for 6208198 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available. Licensee : Avira Free Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Microsoft Windows XP Windows version : (Dodatek Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : x Computer name : X-9F0456650C3E4 Version information: BUILD.DAT : 12.1.9.1236 40872 Bytes 2012-10-11 15:58:00 AVSCAN.EXE : 12.3.0.48 468256 Bytes 2012-10-10 13:45:31 AVSCAN.DLL : 12.3.0.15 54736 Bytes 2012-06-22 10:52:15 LUKE.DLL : 12.3.0.15 68304 Bytes 2012-10-10 12:40:20 AVSCPLR.DLL : 12.3.0.27 97064 Bytes 2012-10-10 12:39:51 AVREG.DLL : 12.3.0.33 232232 Bytes 2012-10-10 12:39:47 VBASE000.VDF : 7.11.70.0 66736640 Bytes 2013-04-04 15:31:17 VBASE001.VDF : 7.11.74.226 2201600 Bytes 2013-04-30 15:31:24 VBASE002.VDF : 7.11.80.60 2751488 Bytes 2013-05-28 15:31:32 VBASE003.VDF : 7.11.85.214 2162688 Bytes 2013-06-21 15:31:38 VBASE004.VDF : 7.11.91.176 3903488 Bytes 2013-07-23 15:31:49 VBASE005.VDF : 7.11.98.186 6822912 Bytes 2013-08-29 15:32:07 VBASE006.VDF : 7.11.103.230 2293248 Bytes 2013-09-24 15:32:14 VBASE007.VDF : 7.11.116.38 5485568 Bytes 2013-11-28 15:32:29 VBASE008.VDF : 7.11.120.140 1154560 Bytes 2013-12-19 15:32:32 VBASE009.VDF : 7.11.120.141 2048 Bytes 2013-12-19 15:32:32 VBASE010.VDF : 7.11.120.142 2048 Bytes 2013-12-19 15:32:32 VBASE011.VDF : 7.11.120.143 2048 Bytes 2013-12-19 15:32:32 VBASE012.VDF : 7.11.120.144 2048 Bytes 2013-12-19 15:32:32 VBASE013.VDF : 7.11.120.145 2048 Bytes 2013-12-19 15:32:32 VBASE014.VDF : 7.11.121.19 126976 Bytes 2013-12-21 15:32:32 VBASE015.VDF : 7.11.121.147 122880 Bytes 2013-12-24 15:32:33 VBASE016.VDF : 7.11.121.233 115712 Bytes 2013-12-25 15:32:33 VBASE017.VDF : 7.11.122.57 325120 Bytes 2013-12-27 15:32:34 VBASE018.VDF : 7.11.122.123 199680 Bytes 2013-12-28 15:32:34 VBASE019.VDF : 7.11.122.219 368640 Bytes 2014-01-01 15:32:35 VBASE020.VDF : 7.11.123.39 182272 Bytes 2014-01-03 15:32:36 VBASE021.VDF : 7.11.123.141 124416 Bytes 2014-01-05 15:32:36 VBASE022.VDF : 7.11.124.11 172032 Bytes 2014-01-08 15:32:37 VBASE023.VDF : 7.11.124.79 144896 Bytes 2014-01-09 15:32:37 VBASE024.VDF : 7.11.124.177 178176 Bytes 2014-01-11 15:32:38 VBASE025.VDF : 7.11.125.41 319488 Bytes 2014-01-14 15:32:38 VBASE026.VDF : 7.11.125.149 260096 Bytes 2014-01-17 15:32:39 VBASE027.VDF : 7.11.125.150 2048 Bytes 2014-01-17 15:32:39 VBASE028.VDF : 7.11.125.151 2048 Bytes 2014-01-17 15:32:39 VBASE029.VDF : 7.11.125.152 2048 Bytes 2014-01-17 15:32:39 VBASE030.VDF : 7.11.125.153 2048 Bytes 2014-01-17 15:32:39 VBASE031.VDF : 7.11.125.176 120832 Bytes 2014-01-18 15:32:39 Engine version : 8.2.12.174 AEVDF.DLL : 8.1.3.4 102774 Bytes 2014-01-18 15:32:52 AESCRIPT.DLL : 8.1.4.180 520574 Bytes 2014-01-18 15:32:52 AESCN.DLL : 8.1.10.6 131447 Bytes 2014-01-18 15:32:52 AESBX.DLL : 8.2.20.6 1331575 Bytes 2014-01-18 15:32:54 AERDL.DLL : 8.2.0.138 704888 Bytes 2014-01-18 15:32:52 AEPACK.DLL : 8.3.3.8 762232 Bytes 2014-01-18 15:32:51 AEOFFICE.DLL : 8.1.2.76 205181 Bytes 2014-01-18 15:32:49 AEHEUR.DLL : 8.1.4.870 6459770 Bytes 2014-01-18 15:32:49 AEHELP.DLL : 8.1.27.10 266618 Bytes 2014-01-18 15:32:42 AEGEN.DLL : 8.1.7.22 446839 Bytes 2014-01-18 15:32:41 AEEXP.DLL : 8.4.1.164 409976 Bytes 2014-01-18 15:32:54 AEEMU.DLL : 8.1.3.2 393587 Bytes 2012-09-27 13:04:59 AECORE.DLL : 8.1.33.0 225657 Bytes 2014-01-18 15:32:41 AEBB.DLL : 8.1.1.4 53619 Bytes 2014-01-18 15:32:40 AVWINLL.DLL : 12.3.0.15 27344 Bytes 2012-10-10 12:39:54 AVPREF.DLL : 12.3.0.32 50720 Bytes 2012-10-10 13:44:55 AVREP.DLL : 12.3.0.15 179208 Bytes 2012-10-10 12:39:48 AVARKT.DLL : 12.3.0.33 209696 Bytes 2012-10-10 13:44:33 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 2012-10-10 12:39:45 SQLITE3.DLL : 3.7.0.1 398288 Bytes 2012-09-27 13:05:13 AVSMTP.DLL : 12.3.0.32 63480 Bytes 2012-10-10 12:39:51 NETNT.DLL : 12.3.0.15 17104 Bytes 2012-10-10 12:40:21 RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 2012-10-10 12:40:36 RCTEXT.DLL : 12.3.0.32 97056 Bytes 2012-09-27 13:05:17 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Logging.............................: default Primary action......................: Interactive Secondary action....................: Ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: extended Start of the scan: 19 stycznia 2014 12:05 Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting search for hidden objects. c:\windows\system32\ntmsdata\ntmsjrnl c:\windows\system32\ntmsdata\ntmsjrnl [NOTE] The file is not visible. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\PendingFileRenameOperations [NOTE] The registry entry is invisible. The scan of running processes will be started Scan process 'mscorsvw.exe' - '31' Module(s) have been scanned Scan process 'update.exe' - '42' Module(s) have been scanned Scan process 'rsmsink.exe' - '29' Module(s) have been scanned Scan process 'chrome.exe' - '42' Module(s) have been scanned Scan process 'wuauclt.exe' - '42' Module(s) have been scanned Scan process 'mscorsvw.exe' - '28' Module(s) have been scanned Scan process 'WMIADAP.EXE' - '38' Module(s) have been scanned Scan process 'wmiprvse.exe' - '40' Module(s) have been scanned Scan process 'msiexec.exe' - '33' Module(s) have been scanned Scan process 'chrome.exe' - '46' Module(s) have been scanned Scan process 'chrome.exe' - '42' Module(s) have been scanned Scan process 'chrome.exe' - '42' Module(s) have been scanned Scan process 'rundll32.exe' - '58' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '69' Module(s) have been scanned Scan process 'dllhost.exe' - '60' Module(s) have been scanned Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'wscntfy.exe' - '19' Module(s) have been scanned Scan process 'avcenter.exe' - '92' Module(s) have been scanned Scan process 'chrome.exe' - '42' Module(s) have been scanned Scan process 'chrome.exe' - '40' Module(s) have been scanned Scan process 'chrome.exe' - '42' Module(s) have been scanned Scan process 'chrome.exe' - '80' Module(s) have been scanned Scan process 'wuauclt.exe' - '45' Module(s) have been scanned Scan process 'alg.exe' - '33' Module(s) have been scanned Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned Scan process 'avshadow.exe' - '26' Module(s) have been scanned Scan process 'svchost.exe' - '39' Module(s) have been scanned Scan process 'NitroPDFReaderDriverService.exe' - '19' Module(s) have been scanned Scan process 'rundll32.exe' - '56' Module(s) have been scanned Scan process 'NBService.exe' - '44' Module(s) have been scanned Scan process 'ctfmon.exe' - '26' Module(s) have been scanned Scan process 'avgnt.exe' - '64' Module(s) have been scanned Scan process 'UnlockerAssistant.exe' - '19' Module(s) have been scanned Scan process 'jusched.exe' - '21' Module(s) have been scanned Scan process 'sm56hlpr.exe' - '35' Module(s) have been scanned Scan process 'igfxpers.exe' - '28' Module(s) have been scanned Scan process 'hkcmd.exe' - '27' Module(s) have been scanned Scan process 'igfxtray.exe' - '27' Module(s) have been scanned Scan process 'RTHDCPL.EXE' - '38' Module(s) have been scanned Scan process 'Wbutton.exe' - '37' Module(s) have been scanned Scan process 'mdm.exe' - '22' Module(s) have been scanned Scan process 'HotkeyApp.exe' - '57' Module(s) have been scanned Scan process 'LaunchAp.exe' - '20' Module(s) have been scanned Scan process 'jqs.exe' - '88' Module(s) have been scanned Scan process 'avguard.exe' - '57' Module(s) have been scanned Scan process 'Explorer.EXE' - '111' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'sched.exe' - '41' Module(s) have been scanned Scan process 'spoolsv.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'svchost.exe' - '172' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'svchost.exe' - '51' Module(s) have been scanned Scan process 'lsass.exe' - '58' Module(s) have been scanned Scan process 'services.exe' - '36' Module(s) have been scanned Scan process 'winlogon.exe' - '74' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting to scan executable files (registry). The registry was scanned ( '989' files ). Starting the file scan: Begin scan in 'C:\' C:\Documents and Settings\x\Dane aplikacji\Sun\Java\Deployment\cache\6.0\54\323b7476-45e741a2 [0] Archive type: ZIP --> Java.class [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.BG exploit C:\WINDOWS\system32\service105.exe [DETECTION] Is the TR/Patched.Gen Trojan C:\WINDOWS\system32\service110.exe [DETECTION] Is the TR/Patched.Gen Trojan C:\WINDOWS\system32\service133.exe [DETECTION] Is the TR/Patched.Gen Trojan C:\WINDOWS\system32\service156.exe [DETECTION] Is the TR/Patched.Gen Trojan C:\WINDOWS\system32\service171.exe [DETECTION] Is the TR/Patched.Gen Trojan C:\WINDOWS\system32\service185.exe [DETECTION] Is the TR/Patched.Gen Trojan Begin scan in 'D:\' D:\Śmieci Krzysia\Pulpit\google_sensoryka_piwa.zip [0] Archive type: ZIP --> google_sensoryka_piwa.exe [DETECTION] Is the TR/Ponmocup.A Trojan Beginning disinfection: D:\Śmieci Krzysia\Pulpit\google_sensoryka_piwa.zip [DETECTION] Is the TR/Ponmocup.A Trojan [NOTE] The file was moved to the quarantine directory under the name '503578a6.qua'. C:\WINDOWS\system32\service185.exe [DETECTION] Is the TR/Patched.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '48a5570f.qua'. C:\WINDOWS\system32\service171.exe [DETECTION] Is the TR/Patched.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '1afa0de7.qua'. C:\WINDOWS\system32\service156.exe [DETECTION] Is the TR/Patched.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '7ccd4225.qua'. C:\WINDOWS\system32\service133.exe [DETECTION] Is the TR/Patched.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '39496f1b.qua'. C:\WINDOWS\system32\service110.exe [DETECTION] Is the TR/Patched.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '46525d7a.qua'. C:\WINDOWS\system32\service105.exe [DETECTION] Is the TR/Patched.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '0aea7130.qua'. C:\Documents and Settings\x\Dane aplikacji\Sun\Java\Deployment\cache\6.0\54\323b7476-45e741a2 [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.BG exploit [NOTE] The file was moved to the quarantine directory under the name '76b13692.qua'. End of the scan: 19 stycznia 2014 15:05 Used time: 2:39:34 Hour(s) The scan has been done completely. 7524 Scanned directories 340119 Files were scanned 8 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 8 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 340111 Files not concerned 5272 Archives were scanned 0 Warnings 10 Notes 391146 Objects were scanned with rootkit scan 2 Hidden objects were found