sadbluescreener
Posts: 136 +0
This is the report from when Avira found the 13 worms:
Avira Free Antivirus
Report file date: Wednesday, December 05, 2012 10:25
The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PRIDE
Version information:
BUILD.DAT : 13.0.0.2832 48424 Bytes 20/11/2012 13:53:00
AVSCAN.EXE : 13.4.0.294 639264 Bytes 27/11/2012 14:24:13
AVSCANRC.DLL : 13.4.0.219 54560 Bytes 30/10/2012 22:18:42
LUKE.DLL : 13.4.0.267 67360 Bytes 27/11/2012 14:24:32
AVSCPLR.DLL : 13.4.0.271 93984 Bytes 27/11/2012 14:24:37
AVREG.DLL : 13.4.0.267 245536 Bytes 27/11/2012 14:24:36
avlode.dll : 13.4.0.294 426784 Bytes 27/11/2012 14:24:37
avlode.rdf : 13.0.0.24 7196 Bytes 27/09/2012 16:30:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 20:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 20:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 20:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 20:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 20:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 20:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 20:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 12:11:58
VBASE008.VDF : 7.11.50.231 2048 Bytes 22/11/2012 12:11:58
VBASE009.VDF : 7.11.50.232 2048 Bytes 22/11/2012 12:11:58
VBASE010.VDF : 7.11.50.233 2048 Bytes 22/11/2012 12:11:58
VBASE011.VDF : 7.11.50.234 2048 Bytes 22/11/2012 12:11:59
VBASE012.VDF : 7.11.50.235 2048 Bytes 22/11/2012 12:11:59
VBASE013.VDF : 7.11.50.236 2048 Bytes 22/11/2012 12:11:59
VBASE014.VDF : 7.11.51.27 133632 Bytes 23/11/2012 06:11:46
VBASE015.VDF : 7.11.51.95 140288 Bytes 26/11/2012 14:24:03
VBASE016.VDF : 7.11.51.221 164352 Bytes 29/11/2012 01:25:11
VBASE017.VDF : 7.11.52.29 158208 Bytes 01/12/2012 22:28:32
VBASE018.VDF : 7.11.52.91 116736 Bytes 03/12/2012 22:28:30
VBASE019.VDF : 7.11.52.151 137728 Bytes 05/12/2012 14:15:52
VBASE020.VDF : 7.11.52.152 2048 Bytes 05/12/2012 14:15:52
VBASE021.VDF : 7.11.52.153 2048 Bytes 05/12/2012 14:15:52
VBASE022.VDF : 7.11.52.154 2048 Bytes 05/12/2012 14:15:53
VBASE023.VDF : 7.11.52.155 2048 Bytes 05/12/2012 14:15:53
VBASE024.VDF : 7.11.52.156 2048 Bytes 05/12/2012 14:15:53
VBASE025.VDF : 7.11.52.157 2048 Bytes 05/12/2012 14:15:53
VBASE026.VDF : 7.11.52.158 2048 Bytes 05/12/2012 14:15:53
VBASE027.VDF : 7.11.52.159 2048 Bytes 05/12/2012 14:15:53
VBASE028.VDF : 7.11.52.160 2048 Bytes 05/12/2012 14:15:54
VBASE029.VDF : 7.11.52.161 2048 Bytes 05/12/2012 14:15:54
VBASE030.VDF : 7.11.52.162 2048 Bytes 05/12/2012 14:15:54
VBASE031.VDF : 7.11.52.184 65024 Bytes 05/12/2012 14:15:54
Engine version : 8.2.10.214
AEVDF.DLL : 8.1.2.10 102772 Bytes 19/09/2012 20:42:55
AESCRIPT.DLL : 8.1.4.70 467323 Bytes 02/12/2012 22:28:42
AESCN.DLL : 8.1.9.4 131445 Bytes 15/11/2012 19:40:47
AESBX.DLL : 8.2.5.12 606578 Bytes 28/08/2012 22:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 09/11/2012 22:12:33
AEPACK.DLL : 8.3.0.40 815479 Bytes 12/11/2012 17:12:14
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06/11/2012 22:47:29
AEHEUR.DLL : 8.1.4.156 5579128 Bytes 02/12/2012 22:28:42
AEHELP.DLL : 8.1.25.2 258423 Bytes 17/10/2012 03:05:38
AEGEN.DLL : 8.1.6.10 438646 Bytes 15/11/2012 19:38:54
AEEXP.DLL : 8.2.0.16 119157 Bytes 02/12/2012 22:28:43
AEEMU.DLL : 8.1.3.2 393587 Bytes 19/09/2012 20:42:55
AECORE.DLL : 8.1.29.2 201079 Bytes 09/11/2012 22:12:16
AEBB.DLL : 8.1.1.4 53619 Bytes 06/11/2012 22:47:22
AVWINLL.DLL : 13.4.0.163 25888 Bytes 20/09/2012 00:09:30
AVPREF.DLL : 13.4.0.163 50464 Bytes 20/09/2012 00:07:51
AVREP.DLL : 13.4.0.244 177952 Bytes 12/11/2012 17:12:18
AVARKT.DLL : 13.4.0.292 260384 Bytes 27/11/2012 14:24:08
AVEVTLOG.DLL : 13.4.0.267 167200 Bytes 27/11/2012 14:24:11
SQLITE3.DLL : 3.7.0.1 397088 Bytes 20/09/2012 00:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 20/09/2012 00:08:55
NETNT.DLL : 13.4.0.163 15648 Bytes 20/09/2012 00:16:26
RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 20/09/2012 01:40:13
RCTEXT.DLL : 13.4.0.163 66336 Bytes 20/09/2012 14:18:43
Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50bcbcb1\guard_slideup.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete
Start of the scan: Wednesday, December 05, 2012 10:25
The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'svchost.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '179' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '30' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '102' Module(s) have been scanned
Scan process 'upeksvr.exe' - '75' Module(s) have been scanned
Scan process 'spoolsv.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '80' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '68' Module(s) have been scanned
Scan process 'devmonsrv.exe' - '40' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'jtagserver.exe' - '32' Module(s) have been scanned
Scan process 'lxdwcoms.exe' - '54' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '38' Module(s) have been scanned
Scan process 'mbamservice.exe' - '45' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '31' Module(s) have been scanned
Scan process 'PowerBiosServer.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'vmware-usbarbitrator64.exe' - '33' Module(s) have been scanned
Scan process 'vmnat.exe' - '32' Module(s) have been scanned
Scan process 'WDDMService.exe' - '49' Module(s) have been scanned
Scan process 'WDDriveService.exe' - '53' Module(s) have been scanned
Scan process 'WDRulesEngine.exe' - '62' Module(s) have been scanned
Scan process 'mbamgui.exe' - '39' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'taskhost.exe' - '51' Module(s) have been scanned
Scan process 'Explorer.EXE' - '244' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '55' Module(s) have been scanned
Scan process 'obexsrv.exe' - '39' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '23' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'WDFME.exe' - '95' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '111' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '53' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '46' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'ipoint.exe' - '59' Module(s) have been scanned
Scan process 'rundll32.exe' - '40' Module(s) have been scanned
Scan process 'psqltray.exe' - '102' Module(s) have been scanned
Scan process 'lxdwmon.exe' - '37' Module(s) have been scanned
Scan process 'WDDMStatus.exe' - '63' Module(s) have been scanned
Scan process 'chrome.exe' - '70' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '77' Module(s) have been scanned
Scan process 'Hotkey.exe' - '73' Module(s) have been scanned
Scan process 'nvtray.exe' - '57' Module(s) have been scanned
Scan process 'Dropbox.exe' - '77' Module(s) have been scanned
Scan process 'speedfan.exe' - '88' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '36' Module(s) have been scanned
Scan process 'THXAudio.exe' - '57' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '53' Module(s) have been scanned
Scan process 'YouCamService.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '88' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'WDDriveAutoUnlock.exe' - '40' Module(s) have been scanned
Scan process 'avshadow.exe' - '20' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'WmiApSrv.exe' - '32' Module(s) have been scanned
Scan process 'mediasrv.exe' - '41' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '34' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '70' Module(s) have been scanned
Scan process 'alg.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'BTPlayerCtrl.exe' - '40' Module(s) have been scanned
Scan process 'BTHSAmpPalService.exe' - '20' Module(s) have been scanned
Scan process 'BTHSSecurityMgr.exe' - '45' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '54' Module(s) have been scanned
Scan process 'LMS.exe' - '33' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '117' Module(s) have been scanned
Scan process 'UNS.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '148' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '65' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'quartus.exe' - '319' Module(s) have been scanned
Scan process 'taskhost.exe' - '47' Module(s) have been scanned
Scan process 'adb-toolkit.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'splwow64.exe' - '30' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '43' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'quartus.exe' - '304' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'AUDIODG.EXE' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '108' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '90' Module(s) have been scanned
Scan process 'lsm.exe' - '30' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe'
C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Documents\Documents.exe'
C:\Users\Public\Documents\Documents.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Downloads\Downloads.exe'
C:\Users\Public\Downloads\Downloads.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Libraries\Libraries.exe'
C:\Users\Public\Libraries\Libraries.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Music\Music.exe'
C:\Users\Public\Music\Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Music\Sample Music\Sample Music.exe'
C:\Users\Public\Music\Sample Music\Sample Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe'
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\Pictures.exe'
C:\Users\Public\Pictures\Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe'
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Public.exe'
C:\Users\Public\Public.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Recorded TV\Recorded TV.exe'
C:\Users\Public\Recorded TV\Recorded TV.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe'
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Videos\Videos.exe'
C:\Users\Public\Videos\Videos.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Beginning disinfection:
C:\Users\Public\Videos\Videos.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '59ffc40d.qua'!
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4167ebb2.qua'!
C:\Users\Public\Recorded TV\Recorded TV.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '1336b15e.qua'!
C:\Users\Public\Public.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '7502fe8c.qua'!
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '308bd3a6.qua'!
C:\Users\Public\Pictures\Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4f9ee1df.qua'!
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '02dbcd6a.qua'!
C:\Users\Public\Music\Sample Music\Sample Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '7f308ddd.qua'!
C:\Users\Public\Music\Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '5274a284.qua'!
C:\Users\Public\Libraries\Libraries.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4b0f9912.qua'!
C:\Users\Public\Downloads\Downloads.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '2744b528.qua'!
C:\Users\Public\Documents\Documents.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '56e98cbd.qua'!
C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '58d4bc97.qua'!
End of the scan: Wednesday, December 05, 2012 10:28
Used time: 00:26 Minute(s)
The scan has been done completely.
0 Scanned directories
2078 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
13 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2065 Files not concerned
5 Archives were scanned
0 Warnings
13 Notes
The scan results will be transferred to the Guard.
Avira Free Antivirus
Report file date: Wednesday, December 05, 2012 10:25
The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PRIDE
Version information:
BUILD.DAT : 13.0.0.2832 48424 Bytes 20/11/2012 13:53:00
AVSCAN.EXE : 13.4.0.294 639264 Bytes 27/11/2012 14:24:13
AVSCANRC.DLL : 13.4.0.219 54560 Bytes 30/10/2012 22:18:42
LUKE.DLL : 13.4.0.267 67360 Bytes 27/11/2012 14:24:32
AVSCPLR.DLL : 13.4.0.271 93984 Bytes 27/11/2012 14:24:37
AVREG.DLL : 13.4.0.267 245536 Bytes 27/11/2012 14:24:36
avlode.dll : 13.4.0.294 426784 Bytes 27/11/2012 14:24:37
avlode.rdf : 13.0.0.24 7196 Bytes 27/09/2012 16:30:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 20:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 20:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 20:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 20:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 20:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 20:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 20:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 12:11:58
VBASE008.VDF : 7.11.50.231 2048 Bytes 22/11/2012 12:11:58
VBASE009.VDF : 7.11.50.232 2048 Bytes 22/11/2012 12:11:58
VBASE010.VDF : 7.11.50.233 2048 Bytes 22/11/2012 12:11:58
VBASE011.VDF : 7.11.50.234 2048 Bytes 22/11/2012 12:11:59
VBASE012.VDF : 7.11.50.235 2048 Bytes 22/11/2012 12:11:59
VBASE013.VDF : 7.11.50.236 2048 Bytes 22/11/2012 12:11:59
VBASE014.VDF : 7.11.51.27 133632 Bytes 23/11/2012 06:11:46
VBASE015.VDF : 7.11.51.95 140288 Bytes 26/11/2012 14:24:03
VBASE016.VDF : 7.11.51.221 164352 Bytes 29/11/2012 01:25:11
VBASE017.VDF : 7.11.52.29 158208 Bytes 01/12/2012 22:28:32
VBASE018.VDF : 7.11.52.91 116736 Bytes 03/12/2012 22:28:30
VBASE019.VDF : 7.11.52.151 137728 Bytes 05/12/2012 14:15:52
VBASE020.VDF : 7.11.52.152 2048 Bytes 05/12/2012 14:15:52
VBASE021.VDF : 7.11.52.153 2048 Bytes 05/12/2012 14:15:52
VBASE022.VDF : 7.11.52.154 2048 Bytes 05/12/2012 14:15:53
VBASE023.VDF : 7.11.52.155 2048 Bytes 05/12/2012 14:15:53
VBASE024.VDF : 7.11.52.156 2048 Bytes 05/12/2012 14:15:53
VBASE025.VDF : 7.11.52.157 2048 Bytes 05/12/2012 14:15:53
VBASE026.VDF : 7.11.52.158 2048 Bytes 05/12/2012 14:15:53
VBASE027.VDF : 7.11.52.159 2048 Bytes 05/12/2012 14:15:53
VBASE028.VDF : 7.11.52.160 2048 Bytes 05/12/2012 14:15:54
VBASE029.VDF : 7.11.52.161 2048 Bytes 05/12/2012 14:15:54
VBASE030.VDF : 7.11.52.162 2048 Bytes 05/12/2012 14:15:54
VBASE031.VDF : 7.11.52.184 65024 Bytes 05/12/2012 14:15:54
Engine version : 8.2.10.214
AEVDF.DLL : 8.1.2.10 102772 Bytes 19/09/2012 20:42:55
AESCRIPT.DLL : 8.1.4.70 467323 Bytes 02/12/2012 22:28:42
AESCN.DLL : 8.1.9.4 131445 Bytes 15/11/2012 19:40:47
AESBX.DLL : 8.2.5.12 606578 Bytes 28/08/2012 22:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 09/11/2012 22:12:33
AEPACK.DLL : 8.3.0.40 815479 Bytes 12/11/2012 17:12:14
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06/11/2012 22:47:29
AEHEUR.DLL : 8.1.4.156 5579128 Bytes 02/12/2012 22:28:42
AEHELP.DLL : 8.1.25.2 258423 Bytes 17/10/2012 03:05:38
AEGEN.DLL : 8.1.6.10 438646 Bytes 15/11/2012 19:38:54
AEEXP.DLL : 8.2.0.16 119157 Bytes 02/12/2012 22:28:43
AEEMU.DLL : 8.1.3.2 393587 Bytes 19/09/2012 20:42:55
AECORE.DLL : 8.1.29.2 201079 Bytes 09/11/2012 22:12:16
AEBB.DLL : 8.1.1.4 53619 Bytes 06/11/2012 22:47:22
AVWINLL.DLL : 13.4.0.163 25888 Bytes 20/09/2012 00:09:30
AVPREF.DLL : 13.4.0.163 50464 Bytes 20/09/2012 00:07:51
AVREP.DLL : 13.4.0.244 177952 Bytes 12/11/2012 17:12:18
AVARKT.DLL : 13.4.0.292 260384 Bytes 27/11/2012 14:24:08
AVEVTLOG.DLL : 13.4.0.267 167200 Bytes 27/11/2012 14:24:11
SQLITE3.DLL : 3.7.0.1 397088 Bytes 20/09/2012 00:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 20/09/2012 00:08:55
NETNT.DLL : 13.4.0.163 15648 Bytes 20/09/2012 00:16:26
RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 20/09/2012 01:40:13
RCTEXT.DLL : 13.4.0.163 66336 Bytes 20/09/2012 14:18:43
Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50bcbcb1\guard_slideup.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete
Start of the scan: Wednesday, December 05, 2012 10:25
The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'svchost.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '179' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '30' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '102' Module(s) have been scanned
Scan process 'upeksvr.exe' - '75' Module(s) have been scanned
Scan process 'spoolsv.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '80' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '68' Module(s) have been scanned
Scan process 'devmonsrv.exe' - '40' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'jtagserver.exe' - '32' Module(s) have been scanned
Scan process 'lxdwcoms.exe' - '54' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '38' Module(s) have been scanned
Scan process 'mbamservice.exe' - '45' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '31' Module(s) have been scanned
Scan process 'PowerBiosServer.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'vmware-usbarbitrator64.exe' - '33' Module(s) have been scanned
Scan process 'vmnat.exe' - '32' Module(s) have been scanned
Scan process 'WDDMService.exe' - '49' Module(s) have been scanned
Scan process 'WDDriveService.exe' - '53' Module(s) have been scanned
Scan process 'WDRulesEngine.exe' - '62' Module(s) have been scanned
Scan process 'mbamgui.exe' - '39' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'taskhost.exe' - '51' Module(s) have been scanned
Scan process 'Explorer.EXE' - '244' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '55' Module(s) have been scanned
Scan process 'obexsrv.exe' - '39' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '23' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'WDFME.exe' - '95' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '111' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '53' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '46' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'ipoint.exe' - '59' Module(s) have been scanned
Scan process 'rundll32.exe' - '40' Module(s) have been scanned
Scan process 'psqltray.exe' - '102' Module(s) have been scanned
Scan process 'lxdwmon.exe' - '37' Module(s) have been scanned
Scan process 'WDDMStatus.exe' - '63' Module(s) have been scanned
Scan process 'chrome.exe' - '70' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '77' Module(s) have been scanned
Scan process 'Hotkey.exe' - '73' Module(s) have been scanned
Scan process 'nvtray.exe' - '57' Module(s) have been scanned
Scan process 'Dropbox.exe' - '77' Module(s) have been scanned
Scan process 'speedfan.exe' - '88' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '36' Module(s) have been scanned
Scan process 'THXAudio.exe' - '57' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '53' Module(s) have been scanned
Scan process 'YouCamService.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '88' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'WDDriveAutoUnlock.exe' - '40' Module(s) have been scanned
Scan process 'avshadow.exe' - '20' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'WmiApSrv.exe' - '32' Module(s) have been scanned
Scan process 'mediasrv.exe' - '41' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '34' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '70' Module(s) have been scanned
Scan process 'alg.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'BTPlayerCtrl.exe' - '40' Module(s) have been scanned
Scan process 'BTHSAmpPalService.exe' - '20' Module(s) have been scanned
Scan process 'BTHSSecurityMgr.exe' - '45' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '54' Module(s) have been scanned
Scan process 'LMS.exe' - '33' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '117' Module(s) have been scanned
Scan process 'UNS.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '148' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '65' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'quartus.exe' - '319' Module(s) have been scanned
Scan process 'taskhost.exe' - '47' Module(s) have been scanned
Scan process 'adb-toolkit.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'splwow64.exe' - '30' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '43' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'quartus.exe' - '304' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'AUDIODG.EXE' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '108' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '90' Module(s) have been scanned
Scan process 'lsm.exe' - '30' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe'
C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Documents\Documents.exe'
C:\Users\Public\Documents\Documents.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Downloads\Downloads.exe'
C:\Users\Public\Downloads\Downloads.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Libraries\Libraries.exe'
C:\Users\Public\Libraries\Libraries.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Music\Music.exe'
C:\Users\Public\Music\Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Music\Sample Music\Sample Music.exe'
C:\Users\Public\Music\Sample Music\Sample Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe'
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\Pictures.exe'
C:\Users\Public\Pictures\Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe'
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Public.exe'
C:\Users\Public\Public.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Recorded TV\Recorded TV.exe'
C:\Users\Public\Recorded TV\Recorded TV.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe'
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Videos\Videos.exe'
C:\Users\Public\Videos\Videos.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Beginning disinfection:
C:\Users\Public\Videos\Videos.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '59ffc40d.qua'!
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4167ebb2.qua'!
C:\Users\Public\Recorded TV\Recorded TV.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '1336b15e.qua'!
C:\Users\Public\Public.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '7502fe8c.qua'!
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '308bd3a6.qua'!
C:\Users\Public\Pictures\Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4f9ee1df.qua'!
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '02dbcd6a.qua'!
C:\Users\Public\Music\Sample Music\Sample Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '7f308ddd.qua'!
C:\Users\Public\Music\Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '5274a284.qua'!
C:\Users\Public\Libraries\Libraries.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4b0f9912.qua'!
C:\Users\Public\Downloads\Downloads.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '2744b528.qua'!
C:\Users\Public\Documents\Documents.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '56e98cbd.qua'!
C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '58d4bc97.qua'!
End of the scan: Wednesday, December 05, 2012 10:28
Used time: 00:26 Minute(s)
The scan has been done completely.
0 Scanned directories
2078 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
13 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2065 Files not concerned
5 Archives were scanned
0 Warnings
13 Notes
The scan results will be transferred to the Guard.