[es] - System Volume Information,recycler

macan nk
Marko Macanovic

Član broj: 181400
Poruke: 23
62.4.37.*

Profil

Re: System Volume Information,recycler

^{24.03.2010. u 17:20 - pre 171 meseci}

ComboFix 10-03-23.04 - Administrator 03/23/2010 18:20:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.363 [GMT 0:00]
Running from: c:\documents and settings\Administrator.EXPERIEN-4B3693\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\Recycle Bin
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 20:26 . 2010-03-23 20:26 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\Identities
2010-03-23 18:29 . 2008-03-20 19:38 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-03-23 18:29 . 2008-03-20 19:38 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-03-23 18:29 . 2008-03-20 19:38 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-03-23 18:29 . 2008-03-20 19:38 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-03-23 18:29 . 2008-03-20 18:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-03-23 18:29 . 2008-03-20 19:38 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-23 18:29 . 2008-03-20 20:07 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-03-23 18:29 . 2008-03-20 20:09 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-03-23 18:11 . 2010-03-23 18:11 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft
2010-03-23 18:11 . 2010-03-23 18:11 -------- d-----w- c:\windows\system32\dllcache
2010-03-23 18:09 . 2010-03-23 18:09 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-03-23 18:09 . 2010-03-23 19:08 -------- d-s---w- c:\windows\Downloaded Program Files
2010-03-23 18:07 . 2008-05-03 12:00 274944 ----a-w- c:\windows\system32\mstask.dll
2010-03-23 18:07 . 2008-05-03 12:00 192512 ----a-w- c:\windows\system32\schedsvc.dll
2010-03-23 18:07 . 2008-05-03 12:00 12288 ----a-w- c:\windows\system32\mstinit.exe
2010-03-23 18:07 . 2008-05-03 12:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-03-23 18:07 . 2008-05-03 12:00 73728 ----a-w- c:\windows\system32\icwdial.dll
2010-03-23 18:07 . 2008-05-03 12:00 65536 ----a-w- c:\windows\system32\icwphbk.dll
2010-03-23 18:07 . 2008-05-03 12:00 274432 ----a-w- c:\windows\system32\inetcfg.dll
2010-03-23 18:07 . 2010-03-23 18:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-23 18:05 . 2008-05-03 12:00 58880 ----a-w- c:\windows\system32\licwmi.dll
2010-03-23 18:05 . 2008-05-03 12:00 56320 ----a-w- c:\windows\system32\servdeps.dll
2010-03-23 18:05 . 2008-05-03 12:00 185344 ----a-w- c:\windows\system32\cmprops.dll
2010-03-23 18:05 . 2008-05-03 12:00 17408 ----a-w- c:\windows\system32\mmfutil.dll
2010-03-23 18:05 . 2008-05-03 12:00 1358848 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2010-03-23 18:05 . 2008-03-21 01:37 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-23 18:05 . 2008-03-20 19:25 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-03-23 18:04 . 2008-03-20 19:32 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-03-23 18:04 . 2008-03-20 19:39 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-03-23 18:04 . 2008-03-20 19:40 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-03-23 18:04 . 2008-03-20 19:39 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-03-23 18:04 . 2008-03-20 19:32 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-03-23 18:04 . 2008-03-20 19:39 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-03-23 18:04 . 2008-03-20 19:40 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-03-23 18:04 . 2008-03-20 19:32 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-03-23 18:04 . 2008-03-20 19:39 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-03-23 18:04 . 2008-03-20 19:32 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-03-23 18:04 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-03-23 18:03 . 2008-03-21 01:36 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-23 18:03 . 2008-03-21 01:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-03-23 18:03 . 2003-10-21 03:20 104960 ----a-w- c:\windows\system32\drivers\atinrvxx.sys
2010-03-23 18:03 . 2003-10-21 03:18 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2010-03-23 18:03 . 2003-10-21 03:23 13824 ----a-w- c:\windows\system32\drivers\atinmdxx.sys
2010-03-23 18:03 . 2008-03-20 19:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-03-23 18:02 . 2003-12-02 13:44 865472 ----a-w- c:\windows\system32\ati3d1ag.dll
2010-03-23 18:02 . 2001-08-17 12:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2010-03-23 18:02 . 2008-03-21 01:36 74240 ----a-w- c:\windows\system32\usbui.dll
2010-03-23 17:59 . 2008-05-03 12:00 7168 ----a-r- c:\windows\system32\kbdcz.dll
2010-03-23 17:58 . 2003-07-02 02:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-03-23 17:58 . 2010-03-23 18:18 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-03-23 17:58 . 2010-03-23 18:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-03-21 22:55 . 2010-03-21 22:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-03-21 21:55 . 2010-03-21 21:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2010-03-21 20:39 . 2010-03-21 20:39 -------- d-sha-r- c:\program files\cmdcons
2010-03-21 18:17 . 2010-03-21 18:23 -------- d-----w- c:\program files\Winamp
2010-03-21 16:58 . 2010-03-21 16:58 -------- d-----w- c:\program files\CCleaner
2010-03-21 16:29 . 2010-03-21 16:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2010-03-21 16:24 . 2010-03-21 16:24 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-21 16:24 . 2010-03-21 16:24 -------- d-----w- c:\program files\Ahead
2010-03-21 15:20 . 2010-03-21 15:20 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\windows\system32\xircom
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\program files\microsoft frontpage
2010-03-21 13:04 . 2010-03-21 13:04 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-03-21 13:01 . 2010-03-23 19:27 -------- d-----w- c:\windows\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 19:43 . 2010-03-21 12:59 -------- d-----w- c:\program files\ATI Technologies
2010-03-23 19:42 . 2010-03-23 18:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 19:33 . 2010-03-23 19:33 13664 ----a-w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 19:32 . 2010-03-23 19:32 152 ----a-w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\fusioncache.dat
2010-03-23 19:32 . 2010-03-23 19:32 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Application Data\ATI
2010-03-23 18:10 . 2010-03-23 18:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-21 13:02 . 2010-03-21 12:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 12:48 . 2010-03-21 12:48 -------- d-----w- c:\program files\Analog Devices
2010-03-21 12:31 . 2010-03-21 12:31 -------- d-----w- c:\program files\Windows Media Connect 2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-05-03 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 18:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-23 18:26:28
ComboFix-quarantined-files.txt 2010-03-23 18:26
ComboFix2.txt 2010-03-21 20:58

Pre-Run: 77,794,349,056 bytes free
Post-Run: 77,846,781,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7D4EE0D002EA14832A1205E9AB435321

Odgovor na temu

kristi1

Član broj: 151211
Poruke: 2012
*.ptt.rs.

Sajt: www.mycity.rs/Ambulanta

+88 Profil

Re: System Volume Information,recycler

^{24.03.2010. u 18:10 - pre 171 meseci}

Zasto pokrecete Combofix na svoju ruku. Prvo tebi nista ne znaci i da pokrenes Combofix kad ne znas sta posle. Drugo Combofix se pokrece iskljucivo sa desktopa i nikako drugacije. Trece to je alat za jednokratnu upotrebu i obavezno mora da se deinstalira posle koricsenja.
Ti ne mozes da ga deinstaliras jer ga nisi pokrenuo sa desktopa.
Moras da obrises ikonicu, obrises foldere c:\combofix i c:\qoobox, zatim iskljucis System restore, restartujes, pa ponovo ukljucis SR.

Instaliraj Antivirus

Odgovor na temu

macan nk
Marko Macanovic

Član broj: 181400
Poruke: 23
62.4.37.*

Profil

Re: System Volume Information,recycler

^{25.03.2010. u 16:25 - pre 171 meseci}

ComboFix 10-03-24.03 - Administrator 03/25/2010 17:10:46.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.348 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-25 16:53 . 2010-03-25 16:53 -------- d-----w- c:\windows\LastGood
2010-03-25 16:53 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-25 16:53 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-25 16:53 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-25 16:53 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-25 16:53 . 2010-03-25 16:53 -------- d-----w- c:\program files\Avira
2010-03-25 16:53 . 2010-03-25 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 00:22 . 2010-03-24 00:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 00:22 . 2010-03-24 00:21 -------- d-----w- c:\program files\ATI Technologies
2010-03-24 00:18 . 2010-03-24 00:18 -------- d-----w- c:\program files\Analog Devices
2010-03-24 00:18 . 2010-03-24 00:18 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-24 00:15 . 2010-03-24 00:15 62633 ----a-w- c:\windows\prio197uninstall.exe
2010-03-24 00:15 . 2010-03-24 00:15 -------- d-----w- c:\program files\Opera
2010-03-24 00:11 . 2010-03-24 00:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-24 00:08 . 2010-03-24 00:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
STARTXP.BAT [2008-5-3 6323]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/25/2010 4:53 PM 108289]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - IMAPISERVICE
*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 17:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\prio.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\prio.dll
.
Completion time: 2010-03-25 17:15:15
ComboFix-quarantined-files.txt 2010-03-25 17:15

Pre-Run: 79,217,815,552 bytes free
Post-Run: 79,199,657,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - AE26C9A9FF9E8B3CDBA535F11B7415E8

Odgovor na temu

macan nk
Marko Macanovic

Član broj: 181400
Poruke: 23
62.4.37.*

Profil

Re: System Volume Information,recycler

^{25.03.2010. u 16:54 - pre 171 meseci}

Avira AntiVir Personal
Report file date: Thursday, March 25, 2010 17:46

Scanning for 1903552 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : EXPERIEN-3C24DA

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 11:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 10:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 07:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 16:54:39
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 16:55:30
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 16:55:47
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:57:02
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 16:57:02
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 16:57:02
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 16:57:02
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 16:57:03
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 16:57:03
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 16:57:03
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 16:57:03
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 16:57:03
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 16:57:05
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 16:57:07
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 16:57:08
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 16:57:10
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 16:57:12
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 16:57:14
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 16:57:16
VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 16:57:18
VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 16:57:20
VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 16:57:22
VBASE023.VDF : 7.10.5.200 2048 Bytes 3/24/2010 16:57:22
VBASE024.VDF : 7.10.5.201 2048 Bytes 3/24/2010 16:57:22
VBASE025.VDF : 7.10.5.202 2048 Bytes 3/24/2010 16:57:22
VBASE026.VDF : 7.10.5.203 2048 Bytes 3/24/2010 16:57:22
VBASE027.VDF : 7.10.5.204 2048 Bytes 3/24/2010 16:57:22
VBASE028.VDF : 7.10.5.205 2048 Bytes 3/24/2010 16:57:22
VBASE029.VDF : 7.10.5.206 2048 Bytes 3/24/2010 16:57:22
VBASE030.VDF : 7.10.5.207 2048 Bytes 3/24/2010 16:57:23
VBASE031.VDF : 7.10.5.214 71168 Bytes 3/25/2010 16:57:23
Engineversion : 8.2.1.196
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/25/2010 16:58:04
AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 3/25/2010 16:58:04
AESCN.DLL : 8.1.5.0 127347 Bytes 3/25/2010 16:57:58
AESBX.DLL : 8.1.2.1 254323 Bytes 3/25/2010 16:58:06
AERDL.DLL : 8.1.4.3 541043 Bytes 3/25/2010 16:57:57
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/25/2010 16:57:52
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/25/2010 16:57:49
AEHEUR.DLL : 8.1.1.13 2470262 Bytes 3/25/2010 16:57:47
AEHELP.DLL : 8.1.10.2 237941 Bytes 3/25/2010 16:57:30
AEGEN.DLL : 8.1.3.2 373108 Bytes 3/25/2010 16:57:28
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 07:38:26
AECORE.DLL : 8.1.12.3 188789 Bytes 3/25/2010 16:57:25
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 07:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 15:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/25/2010 16:58:08
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 15:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 12:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, March 25, 2010 17:46

Starting search for hidden objects.
'16980' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'STOPREST.EXE' - '1' Module(s) have been scanned
Module is OK -> 'F:\$OEM$\INST\STOPREST.exe'
[WARNING] The file could not be opened!
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '50' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.

End of the scan: Thursday, March 25, 2010 17:52
Used time: 06:07 Minute(s)

The scan has been done completely.

929 Scanned directories
33569 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
33566 Files not concerned
305 Archives were scanned
3 Warnings
2 Notes
16980 Objects were scanned with rootkit scan
0 Hidden objects were found

Odgovor na temu