Avira Free Antivirus Report file date: 21 stycznia 2014 08:57 The program is running as an unrestricted full version. Online services are available. Licensee : Avira Free Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Microsoft Windows XP Windows version : (Dodatek Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : xxx Computer name : WESTO Version information: BUILD.DAT : 14.0.2.286 55547 Bytes 2013-12-09 11:37:00 AVSCAN.EXE : 14.0.2.254 1032760 Bytes 2013-12-19 00:07:24 AVSCANRC.DLL : 14.0.2.180 52280 Bytes 2013-12-19 00:07:25 LUKE.DLL : 14.0.2.234 65592 Bytes 2013-12-19 00:08:00 AVSCPLR.DLL : 14.0.2.254 124472 Bytes 2013-12-19 00:07:25 AVREG.DLL : 14.0.2.212 250424 Bytes 2013-12-19 00:07:24 avlode.dll : 14.0.2.254 540216 Bytes 2013-12-19 00:07:23 avlode.rdf : 13.0.1.66 56973 Bytes 2014-01-18 14:22:54 VBASE000.VDF : 7.11.70.0 66736640 Bytes 2013-04-04 13:25:32 VBASE001.VDF : 7.11.74.226 2201600 Bytes 2013-04-30 13:48:00 VBASE002.VDF : 7.11.80.60 2751488 Bytes 2013-05-28 19:45:12 VBASE003.VDF : 7.11.85.214 2162688 Bytes 2013-06-21 17:25:14 VBASE004.VDF : 7.11.91.176 3903488 Bytes 2013-07-23 09:11:39 VBASE005.VDF : 7.11.98.186 6822912 Bytes 2013-08-29 09:35:40 VBASE006.VDF : 7.11.103.230 2293248 Bytes 2013-09-24 09:37:16 VBASE007.VDF : 7.11.116.38 5485568 Bytes 2013-11-28 14:34:30 VBASE008.VDF : 7.11.120.140 1154560 Bytes 2013-12-19 14:38:47 VBASE009.VDF : 7.11.120.141 2048 Bytes 2013-12-19 14:38:47 VBASE010.VDF : 7.11.120.142 2048 Bytes 2013-12-19 14:38:47 VBASE011.VDF : 7.11.120.143 2048 Bytes 2013-12-19 14:38:47 VBASE012.VDF : 7.11.120.144 2048 Bytes 2013-12-19 14:38:47 VBASE013.VDF : 7.11.120.145 2048 Bytes 2013-12-19 14:38:47 VBASE014.VDF : 7.11.121.19 126976 Bytes 2013-12-21 18:53:31 VBASE015.VDF : 7.11.121.147 122880 Bytes 2013-12-24 18:53:31 VBASE016.VDF : 7.11.121.233 115712 Bytes 2013-12-25 18:53:32 VBASE017.VDF : 7.11.122.57 325120 Bytes 2013-12-27 18:53:32 VBASE018.VDF : 7.11.122.123 199680 Bytes 2013-12-28 18:53:33 VBASE019.VDF : 7.11.122.219 368640 Bytes 2014-01-01 18:53:33 VBASE020.VDF : 7.11.123.39 182272 Bytes 2014-01-03 18:53:34 VBASE021.VDF : 7.11.123.141 124416 Bytes 2014-01-05 18:53:34 VBASE022.VDF : 7.11.124.11 172032 Bytes 2014-01-08 07:45:42 VBASE023.VDF : 7.11.124.79 144896 Bytes 2014-01-09 15:25:39 VBASE024.VDF : 7.11.124.177 178176 Bytes 2014-01-11 17:16:43 VBASE025.VDF : 7.11.125.41 319488 Bytes 2014-01-14 08:04:29 VBASE026.VDF : 7.11.125.149 260096 Bytes 2014-01-17 14:22:48 VBASE027.VDF : 7.11.125.207 190976 Bytes 2014-01-20 21:25:11 VBASE028.VDF : 7.11.125.208 2048 Bytes 2014-01-20 21:25:11 VBASE029.VDF : 7.11.125.209 2048 Bytes 2014-01-20 21:25:11 VBASE030.VDF : 7.11.125.210 2048 Bytes 2014-01-20 21:25:11 VBASE031.VDF : 7.11.125.248 130048 Bytes 2014-01-21 05:02:33 Engine version : 8.2.12.174 AEVDF.DLL : 8.1.3.4 102774 Bytes 2013-06-14 05:54:27 AESCRIPT.DLL : 8.1.4.180 520574 Bytes 2014-01-18 14:22:53 AESCN.DLL : 8.1.10.6 131447 Bytes 2013-12-11 16:29:04 AESBX.DLL : 8.2.20.6 1331575 Bytes 2014-01-13 19:49:53 AERDL.DLL : 8.2.0.138 704888 Bytes 2013-12-05 14:34:40 AEPACK.DLL : 8.3.3.8 762232 Bytes 2013-12-20 14:40:27 AEOFFICE.DLL : 8.1.2.76 205181 Bytes 2013-08-08 15:01:02 AEHEUR.DLL : 8.1.4.870 6459770 Bytes 2014-01-18 14:22:52 AEHELP.DLL : 8.1.27.10 266618 Bytes 2013-11-25 10:38:35 AEGEN.DLL : 8.1.7.22 446839 Bytes 2014-01-18 14:22:50 AEEXP.DLL : 8.4.1.164 409976 Bytes 2014-01-09 15:26:31 AEEMU.DLL : 8.1.3.2 393587 Bytes 2012-09-19 13:42:55 AECORE.DLL : 8.1.33.0 225657 Bytes 2013-12-11 16:29:02 AEBB.DLL : 8.1.1.4 53619 Bytes 2012-11-06 00:30:21 AVWINLL.DLL : 14.0.2.180 23608 Bytes 2013-12-19 00:06:52 AVPREF.DLL : 14.0.2.180 48696 Bytes 2013-12-19 00:07:23 AVREP.DLL : 14.0.2.180 175672 Bytes 2013-12-19 00:07:24 AVARKT.DLL : 14.0.2.254 256056 Bytes 2013-12-19 00:07:08 AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 2013-12-19 00:07:21 SQLITE3.DLL : 3.7.0.1 397088 Bytes 2012-09-19 17:17:40 AVSMTP.DLL : 14.0.2.180 60472 Bytes 2013-12-19 00:07:25 NETNT.DLL : 14.0.2.180 13368 Bytes 2013-12-19 00:08:01 RCIMAGE.DLL : 14.0.2.180 4788792 Bytes 2013-12-19 00:06:53 RCTEXT.DLL : 14.0.2.236 72760 Bytes 2013-12-19 00:06:53 Configuration settings for the scan: Jobname.............................: Manual Selection Configuration file..................: C:\Documents and Settings\All Users\Dane aplikacji\Avira\AntiVir Desktop\PROFILES\folder.avp Reporting...........................: default Primary action......................: Interactive Secondary action....................: Ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Limit recursion depth...............: 20 Smart extensions....................: on Macrovirus heuristic................: on File heuristic......................: extended Deviating risk categories...........: +APPL,+PCK, Start of the scan: 21 stycznia 2014 08:57 Start scanning boot sectors: Boot sector 'HDD0(C:)' [INFO] No virus was found! Starting search for hidden objects. The scan of running processes will be started: Scan process 'wmic.exe' - '47' Module(s) have been scanned Scan process 'cmd.exe' - '26' Module(s) have been scanned Scan process 'wmiprvse.exe' - '44' Module(s) have been scanned Scan process 'rsmsink.exe' - '31' Module(s) have been scanned Scan process 'msdtc.exe' - '42' Module(s) have been scanned Scan process 'dllhost.exe' - '64' Module(s) have been scanned Scan process 'dllhost.exe' - '47' Module(s) have been scanned Scan process 'vssvc.exe' - '50' Module(s) have been scanned Scan process 'avscan.exe' - '97' Module(s) have been scanned Scan process 'avcenter.exe' - '86' Module(s) have been scanned Scan process 'alg.exe' - '35' Module(s) have been scanned Scan process 'wmiprvse.exe' - '43' Module(s) have been scanned Scan process 'wmiapsrv.exe' - '47' Module(s) have been scanned Scan process 'wmiprvse.exe' - '53' Module(s) have been scanned Scan process 'unsecapp.exe' - '39' Module(s) have been scanned Scan process 'soffice.bin' - '81' Module(s) have been scanned Scan process 'wwanSvc.exe' - '39' Module(s) have been scanned Scan process 'WLKeeper.exe' - '66' Module(s) have been scanned Scan process 'soffice.exe' - '15' Module(s) have been scanned Scan process 'TeamViewer_Service.exe' - '78' Module(s) have been scanned Scan process 'svchost.exe' - '49' Module(s) have been scanned Scan process 'device_detector.exe' - '20' Module(s) have been scanned Scan process 'RegSrvc.exe' - '24' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'msmsgs.exe' - '45' Module(s) have been scanned Scan process 'NMSAccessU.exe' - '14' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'TeaTimer.exe' - '35' Module(s) have been scanned Scan process 'ctfmon.exe' - '27' Module(s) have been scanned Scan process 'AdobeARM.exe' - '42' Module(s) have been scanned Scan process 'avgnt.exe' - '67' Module(s) have been scanned Scan process 'avgnsx.exe' - '19' Module(s) have been scanned Scan process 'NokiaInternetModem_AppStart.exe' - '59' Module(s) have been scanned Scan process 'HidFind.exe' - '20' Module(s) have been scanned Scan process 'Apntex.exe' - '20' Module(s) have been scanned Scan process 'jqs.exe' - '70' Module(s) have been scanned Scan process 'avgtray.exe' - '34' Module(s) have been scanned Scan process 'ApMsgFwd.exe' - '16' Module(s) have been scanned Scan process 'rundll32.exe' - '37' Module(s) have been scanned Scan process 'iFrmewrk.exe' - '93' Module(s) have been scanned Scan process 'EvtEng.exe' - '84' Module(s) have been scanned Scan process 'ZCfgSvc.exe' - '81' Module(s) have been scanned Scan process 'svchost.exe' - '36' Module(s) have been scanned Scan process 'Apoint.exe' - '35' Module(s) have been scanned Scan process 'hkcmd.exe' - '26' Module(s) have been scanned Scan process 'avgwdsvc.exe' - '29' Module(s) have been scanned Scan process 'svchost.exe' - '36' Module(s) have been scanned Scan process 'sched.exe' - '42' Module(s) have been scanned Scan process 'SCardSvr.exe' - '25' Module(s) have been scanned Scan process 'spoolsv.exe' - '74' Module(s) have been scanned Scan process 'Explorer.EXE' - '96' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'S24EvMon.exe' - '80' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been scanned Scan process 'svchost.exe' - '190' Module(s) have been scanned Scan process 'svchost.exe' - '42' Module(s) have been scanned Scan process 'svchost.exe' - '50' Module(s) have been scanned Scan process 'avshadow.exe' - '26' Module(s) have been scanned Scan process 'avguard.exe' - '80' Module(s) have been scanned Scan process 'lsass.exe' - '60' Module(s) have been scanned Scan process 'services.exe' - '27' Module(s) have been scanned Scan process 'winlogon.exe' - '75' Module(s) have been scanned Scan process 'csrss.exe' - '12' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting to scan executable files (registry): The registry was scanned ( '7177' files ). Starting the file scan: Begin scan in 'C:\' C:\Documents and Settings\All Users\Dokumenty\SharedDocs.scr [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Documents and Settings\All Users\Dokumenty\drukowanie pdf\drukowanie pdf.bat [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Documents and Settings\All Users\Dokumenty\SharedDocs.scr [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Documents and Settings\All Users\Dokumenty\drukowanie pdf\drukowanie pdf.bat [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Documents and Settings\All Users\Dokumenty\SharedDocs.scr [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan C:\Documents and Settings\All Users\Dokumenty\SharedDocs.scr [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan Begin scan in 'D:\' Search path D:\ could not be opened! System error [21]: Urządzenie nie jest gotowe. Beginning disinfection: C:\Documents and Settings\All Users\Dokumenty\drukowanie pdf\drukowanie pdf.bat [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file could not be copied to quarantine! [NOTE] The file does not exist! C:\Documents and Settings\All Users\Dokumenty\SharedDocs.scr [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan [NOTE] The file was moved to the quarantine directory under the name '46ce1c99.qua'! End of the scan: 21 stycznia 2014 16:48 Used time: 7:34:30 Hour(s) The scan has been done completely. 26082 Scanned directories 2208360 Files were scanned 6 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 2208354 Files not concerned 26642 Archives were scanned 0 Warnings 2 Notes 79603 Objects were scanned with rootkit scan 0 Hidden objects were found