Thread: Random popups and cpu running 50%
View Single Post
Old 11-19-2008, 06:00 PM   #10 (permalink)
briang3
Registered User
 
Join Date: Aug 2008
Posts: 21
OS: xp


Re: Random popups and cpu running 50%
Hi, I downloaded the Avira virus protection and heres the log from the scan:

Thanks




Avira AntiVir Personal
Report file date: Wednesday, November 19, 2008 14:44

Scanning for 1042450 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BRIAN

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 10/30/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 18:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 17:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 22:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 17:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 22:42:20
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 22:42:26
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 11/16/2008 22:42:30
ANTIVIR3.VDF : 7.1.0.110 109568 Bytes 11/19/2008 22:42:33
Engineversion : 8.2.0.34
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 20:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/19/2008 22:43:04
AESCN.DLL : 8.1.1.5 123251 Bytes 11/19/2008 22:43:01
AERDL.DLL : 8.1.1.3 438645 Bytes 11/19/2008 22:42:59
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/19/2008 22:42:56
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/19/2008 22:42:52
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/19/2008 22:42:50
AEHELP.DLL : 8.1.2.0 119159 Bytes 11/19/2008 22:42:40
AEGEN.DLL : 8.1.1.4 319861 Bytes 11/19/2008 22:42:39
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 20:05:56
AECORE.DLL : 8.1.5.0 172407 Bytes 11/19/2008 22:42:36
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 20:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 18:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 19:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/19/2008 22:42:34
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 21:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 18:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 22:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 03:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 22:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 22:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 23:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 23:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, November 19, 2008 14:44

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'dldtmsdmon.exe' - '1' Module(s) have been scanned
Scan process 'dsagnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'dldtmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'syntpenh.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'dldtcoms.exe' - '1' Module(s) have been scanned
Scan process 'dldtserv.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Deckard\System Scanner\backup\DOCUME~1\Govier\LOCALS~1\Temp\lamdp32.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '49919748.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Govier\LOCALS~1\Temp\msinfo32.dat
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '498d9762.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Govier\LOCALS~1\Temp\nimura32.exe
[DETECTION] Is the TR/Buzus.iij Trojan
[NOTE] The file was moved to '49919758.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Govier\LOCALS~1\Temp\EZ_temp\Product\TrendMicro_TAV_16.1_1063_x32_T_0806173829.exe
[0] Archive type: CAB SFX (self extracting)
--> \Readme.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Deckard\System Scanner\backup\DOCUME~1\Govier\LOCALS~1\Temp\Temporary Directory 3 for Microsoft Office XP PRO (word, excel, powerpoint, outlook, a.zip\OFFICE1.CAB
[0] Archive type: CAB (Microsoft)
--> uspmetax.7057.AF40AAF8_9187_4E0C_A23E_344075B53E7C
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49989857.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4998984f.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallbuy.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49929854.qua'!
C:\Documents and Settings\Govier\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-3d56afdc
[0] Archive type: ZIP
--> OP.class
[DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
[NOTE] The file was moved to '495b986c.qua'!
C:\Documents and Settings\Govier\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-51de10e-6c0309b1.zip
[0] Archive type: ZIP
--> OP.class
[DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
[NOTE] The file was moved to '4952985b.qua'!
C:\Documents and Settings\Govier\My Documents\LimeWire\Saved\Johnny Cash & June Carter Cash - Johnny Cash & June Carter Cash - 'Cause i love you.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '498c9974.qua'!
C:\Documents and Settings\Govier\My Documents\LimeWire\Saved\Natasha Beddingfield - Take Me Away.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49989968.qua'!
C:\Program Files\SW2007SDK\swwi\data\tb0.cab
[0] Archive type: CAB (Microsoft)
--> fltile5.jpg
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\QooBox\Quarantine\C\Documents and Settings\Govier\Application Data\gadcom\gadcom.exe.vir
[DETECTION] Is the TR/Agent.amyy Trojan
[NOTE] The file was moved to '49889f1d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\aqjfkn.dll.vir
[DETECTION] Is the TR/Vundo.fyd.21 Trojan
[NOTE] The file was moved to '498e9f2e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dzwxze.dll.vir
[DETECTION] Is the TR/Vundo.fyd.26 Trojan
[NOTE] The file was moved to '499b9f37.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fcccdARh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49879f20.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lmmahcfe.dll.vir
[DETECTION] Is the TR/Vundo.fyd.21 Trojan
[NOTE] The file was moved to '49919f2b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\msansspc.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49859f32.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRhiFxx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49769f30.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wkxygsql.dll.vir
[DETECTION] Is the TR/Vundo.fyd.26 Trojan
[NOTE] The file was moved to '499c9f2a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wpv274.cpx.vir
[0] Archive type: NSIS
--> ProgramFilesDir/GetModule25.exe
[DETECTION] Is the TR/Agent.akgc Trojan
[DETECTION] Contains recognition pattern of the DR/Agent.akgc dropper
[NOTE] The file was moved to '499a9f30.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wpv964.cpx.vir
[0] Archive type: NSIS
--> ProgramFilesDir/GetModule25.exe
[DETECTION] Is the TR/Agent.akgc Trojan
[DETECTION] Contains recognition pattern of the DR/Agent.akgc dropper
[NOTE] The file was moved to '481902b1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dlha\mstask32.com.vir
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '49989f33.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\spfx\hypinit32.exe.vir
[DETECTION] Is the TR/Buzus.iij Trojan
[NOTE] The file was moved to '49949f3a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\spfx\mstlsapi.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49989f35.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\spfx\olcserv32.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49879f2e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\spfx\pfsbase32.dll.vir
[DETECTION] Is the TR/Dldr.Agent.zoi Trojan
[NOTE] The file was moved to '49979f28.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP636\A0046404.dll
[DETECTION] Is the TR/Peed.JVI Trojan
[NOTE] The file was moved to '49549f13.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP639\A0053309.exe
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '49549fba.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP639\A0053310.exe
[DETECTION] Is the TR/Agent.AJDU.2 Trojan
[NOTE] The file was moved to '48d511fb.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP639\A0053312.exe
[DETECTION] Is the TR/Agent.akgc Trojan
[NOTE] The file was moved to '49549fbb.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP639\A0053315.dll
[DETECTION] Is the TR/Peed.JVI Trojan
[NOTE] The file was moved to '48d511fc.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP639\A0053316.dll
[DETECTION] Is the TR/Peed.JVI Trojan
[NOTE] The file was moved to '49549fbd.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP639\A0053317.exe
[DETECTION] Is the TR/Peed.JVI Trojan
[NOTE] The file was moved to '49549fbc.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP641\A0053809.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.nuz worm
[NOTE] The file was moved to '49549fc6.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP641\A0053810.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49549fc7.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP642\A0053826.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.nuz worm
[NOTE] The file was moved to '48d51188.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP642\A0053827.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.nuz worm
[NOTE] The file was moved to '49549fc9.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP642\A0053829.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '49549fc8.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP642\A0053830.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48d51189.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP642\A0053831.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.nuz worm
[NOTE] The file was moved to '49549fca.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP642\A0054173.dll
[DETECTION] Is the TR/Peed.JVI Trojan
[NOTE] The file was moved to '49549fce.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP642\A0056257.dll
[DETECTION] Is the TR/Peed.JVI Trojan
[NOTE] The file was moved to '49549fff.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP642\A0056258.dll
[DETECTION] Is the TR/Peed.JVI Trojan
[NOTE] The file was moved to '48d52e40.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0057005.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0057005.exe
--> Object
[2] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dldr.Agent.neq Trojan
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to '4954a011.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0057006.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP645\A0057006.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '48d52e52.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0058436.vbs
[DETECTION] Is the TR/Small.WY Trojan
[NOTE] The file was moved to '4954a01f.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0058438.exe
[DETECTION] Is the TR/Spy.Banbra.df.199 Trojan
[NOTE] The file was moved to '48d52e60.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0058441.exe
[DETECTION] Is the TR/Agent.amwr Trojan
[NOTE] The file was moved to '4954a021.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP655\A0058444.dll
[DETECTION] Is the TR/Agent.90624.1 Trojan
[NOTE] The file was moved to '4954a020.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP657\A0058506.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48d52e62.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0059654.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4954a02c.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0059655.exe
[DETECTION] Is the TR/Agent.amyy Trojan
[NOTE] The file was moved to '48d52e6d.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0059656.dll
[DETECTION] Is the TR/Vundo.fyd.21 Trojan
[NOTE] The file was moved to '48d6d515.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0059659.dll
[DETECTION] Is the TR/Vundo.fyd.26 Trojan
[NOTE] The file was moved to '4954a02d.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0059660.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48d6d516.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0059664.dll
[DETECTION] Is the TR/Vundo.fyd.21 Trojan
[NOTE] The file was moved to '4954a02f.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0059665.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4954a02e.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP660\A0059666.dll
[DETECTION] Is the TR/Vundo.fyd.26 Trojan
[NOTE] The file was moved to '48d6d517.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP661\A0059777.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '4954a031.qua'!
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP661\A0059778.exe
[DETECTION] Is the TR/Buzus.iij Trojan
[NOTE] The file was moved to '48d6d50a.qua'!
C:\WINDOWS\http.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4998a079.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\etc\hosts.20081117-164836.backup
[DETECTION] Is the TR/AntiHosts.Gen Trojan
[NOTE] The file was moved to '4997a225.qua'!
C:\WINDOWS\system32\drivers\etc\hosts.20081117-180811.backup
[DETECTION] Is the TR/AntiHosts.Gen Trojan
[NOTE] The file was moved to '4814defe.qua'!
Begin scan in 'D:\' <Backup>


End of the scan: Wednesday, November 19, 2008 15:31
Used time: 47:29 Minute(s)

The scan has been done completely.

10057 Scanning directories
735658 Files were scanned
62 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
62 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
735589 Files not concerned
5853 Archives were scanned
8 Warnings
62 Notes
Attached Files
File Type: txt AVSCAN-20081119-144401-13F66FD8.TXT (42.0 KB, 1 views)
briang3 is offline