Avira Free Antivirus Report file date: 25 lutego 2014 19:32 The program is running as an unrestricted full version. Online services are available. Licensee : Avira Antivirus Free Serial number : 0000149996-AVHOE-0000001 Platform : Microsoft Windows XP Windows version : (Dodatek Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : Tadek Computer name : TADEK-2009-03 Version information: BUILD.DAT : 14.0.2.286 55547 Bytes 2013-12-09 11:37:00 AVSCAN.EXE : 14.0.2.254 1032760 Bytes 2013-12-26 14:29:32 AVSCANRC.DLL : 14.0.2.180 52280 Bytes 2013-12-26 14:29:32 LUKE.DLL : 14.0.2.234 65592 Bytes 2013-12-26 14:30:13 AVSCPLR.DLL : 14.0.2.254 124472 Bytes 2013-12-26 14:29:33 AVREG.DLL : 14.0.2.212 250424 Bytes 2013-12-26 14:29:30 avlode.dll : 14.0.2.254 540216 Bytes 2013-12-26 14:29:27 avlode.rdf : 14.0.3.26 58589 Bytes 2014-02-18 16:40:53 VBASE000.VDF : 7.11.70.0 66736640 Bytes 2013-04-04 09:39:01 VBASE001.VDF : 7.11.74.226 2201600 Bytes 2013-04-30 11:41:17 VBASE002.VDF : 7.11.80.60 2751488 Bytes 2013-05-28 06:03:28 VBASE003.VDF : 7.11.85.214 2162688 Bytes 2013-06-21 06:03:29 VBASE004.VDF : 7.11.91.176 3903488 Bytes 2013-07-23 06:39:01 VBASE005.VDF : 7.11.98.186 6822912 Bytes 2013-08-29 14:43:47 VBASE006.VDF : 7.11.103.230 2293248 Bytes 2013-09-24 18:34:25 VBASE007.VDF : 7.11.116.38 5485568 Bytes 2013-11-28 19:14:30 VBASE008.VDF : 7.11.126.50 3615744 Bytes 2014-01-22 17:57:45 VBASE009.VDF : 7.11.128.174 2030080 Bytes 2014-02-03 17:57:48 VBASE010.VDF : 7.11.128.175 2048 Bytes 2014-02-03 17:57:48 VBASE011.VDF : 7.11.128.176 2048 Bytes 2014-02-03 17:57:48 VBASE012.VDF : 7.11.128.177 2048 Bytes 2014-02-03 17:57:49 VBASE013.VDF : 7.11.128.178 2048 Bytes 2014-02-03 17:57:49 VBASE014.VDF : 7.11.129.9 211456 Bytes 2014-02-04 17:57:50 VBASE015.VDF : 7.11.129.163 215040 Bytes 2014-02-06 17:57:50 VBASE016.VDF : 7.11.130.21 220672 Bytes 2014-02-08 17:57:52 VBASE017.VDF : 7.11.130.99 230400 Bytes 2014-02-10 17:57:52 VBASE018.VDF : 7.11.130.193 195072 Bytes 2014-02-11 16:40:42 VBASE019.VDF : 7.11.131.53 285184 Bytes 2014-02-13 16:40:42 VBASE020.VDF : 7.11.131.125 154624 Bytes 2014-02-14 16:40:42 VBASE021.VDF : 7.11.131.201 194560 Bytes 2014-02-15 16:40:42 VBASE022.VDF : 7.11.132.11 233472 Bytes 2014-02-17 16:40:43 VBASE023.VDF : 7.11.132.80 415232 Bytes 2014-02-18 16:40:44 VBASE024.VDF : 7.11.132.205 185344 Bytes 2014-02-20 17:19:32 VBASE025.VDF : 7.11.133.33 291328 Bytes 2014-02-22 17:19:32 VBASE026.VDF : 7.11.133.81 134144 Bytes 2014-02-23 17:19:32 VBASE027.VDF : 7.11.133.143 183808 Bytes 2014-02-25 17:19:33 VBASE028.VDF : 7.11.133.144 2048 Bytes 2014-02-25 17:19:33 VBASE029.VDF : 7.11.133.145 2048 Bytes 2014-02-25 17:19:33 VBASE030.VDF : 7.11.133.146 2048 Bytes 2014-02-25 17:19:33 VBASE031.VDF : 7.11.133.166 109568 Bytes 2014-02-25 17:19:33 Engine version : 8.2.14.12 AEVDF.DLL : 8.1.3.4 102774 Bytes 2013-07-18 06:02:45 AESCRIPT.DLL : 8.1.4.190 516478 Bytes 2014-02-18 16:40:52 AESCN.DLL : 8.1.10.6 131447 Bytes 2013-12-26 14:29:16 AESBX.DLL : 8.2.20.6 1331575 Bytes 2014-01-18 15:25:24 AERDL.DLL : 8.2.0.138 704888 Bytes 2013-12-03 19:14:44 AEPACK.DLL : 8.4.0.0 774520 Bytes 2014-02-18 16:40:52 AEOFFICE.DLL : 8.1.2.82 205181 Bytes 2014-02-18 16:40:51 AEHEUR.DLL : 8.1.4.918 6484346 Bytes 2014-02-18 16:40:51 AEHELP.DLL : 8.1.27.10 266618 Bytes 2013-12-03 19:14:35 AEGEN.DLL : 8.1.7.22 446839 Bytes 2014-01-18 15:25:19 AEEXP.DLL : 8.4.1.204 434552 Bytes 2014-02-18 16:40:53 AEEMU.DLL : 8.1.3.2 393587 Bytes 2012-11-29 10:26:05 AECORE.DLL : 8.1.35.0 229753 Bytes 2014-02-18 16:40:47 AEBB.DLL : 8.1.1.4 53619 Bytes 2012-11-29 10:26:05 AVWINLL.DLL : 14.0.2.180 23608 Bytes 2013-12-26 14:28:34 AVPREF.DLL : 14.0.2.180 48696 Bytes 2013-12-26 14:29:29 AVREP.DLL : 14.0.2.180 175672 Bytes 2013-12-26 14:29:31 AVARKT.DLL : 14.0.2.254 256056 Bytes 2013-12-26 14:29:19 AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 2013-12-26 14:29:24 SQLITE3.DLL : 3.7.0.1 394824 Bytes 2013-07-18 06:03:25 AVSMTP.DLL : 14.0.2.180 60472 Bytes 2013-12-26 14:29:33 NETNT.DLL : 14.0.2.180 13368 Bytes 2013-12-26 14:30:13 RCIMAGE.DLL : 14.0.2.180 4788792 Bytes 2013-12-26 14:28:34 RCTEXT.DLL : 14.0.2.236 72760 Bytes 2013-12-26 14:28:35 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Reporting...........................: default Primary action......................: Interactive Secondary action....................: Ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, F:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Limit recursion depth...............: 20 Smart extensions....................: on Macrovirus heuristic................: on File heuristic......................: extended Start of the scan: 25 lutego 2014 19:32 Start scanning boot sectors: Boot sector 'HDD0(C:, F:)' [INFO] No virus was found! Starting search for hidden objects. The scan of running processes will be started: Scan process 'rsmsink.exe' - '28' Module(s) have been scanned Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '59' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '89' Module(s) have been scanned Scan process 'avcenter.exe' - '94' Module(s) have been scanned Scan process 'firefox.exe' - '118' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'hprblog.exe' - '31' Module(s) have been scanned Scan process 'alg.exe' - '35' Module(s) have been scanned Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned Scan process 'AVWEBGRD.EXE' - '49' Module(s) have been scanned Scan process 'avshadow.exe' - '25' Module(s) have been scanned Scan process 'svchost.exe' - '41' Module(s) have been scanned Scan process 'jqs.exe' - '87' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '13' Module(s) have been scanned Scan process 'FsUsbExService.Exe' - '20' Module(s) have been scanned Scan process 'apnmcp.exe' - '24' Module(s) have been scanned Scan process 'avguard.exe' - '79' Module(s) have been scanned Scan process 'hpqSTE08.exe' - '64' Module(s) have been scanned Scan process 'hpqtra08.exe' - '59' Module(s) have been scanned Scan process 'jusched.exe' - '28' Module(s) have been scanned Scan process 'TBNotifier.exe' - '67' Module(s) have been scanned Scan process 'avgnt.exe' - '69' Module(s) have been scanned Scan process 'TaskBarIcon.exe' - '26' Module(s) have been scanned Scan process 'HPWuSchd2.exe' - '30' Module(s) have been scanned Scan process 'Dragdiag.exe' - '30' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '34' Module(s) have been scanned Scan process 'sched.exe' - '39' Module(s) have been scanned Scan process 'spoolsv.exe' - '63' Module(s) have been scanned Scan process 'Explorer.EXE' - '134' Module(s) have been scanned Scan process 'svchost.exe' - '57' Module(s) have been scanned Scan process 'svchost.exe' - '33' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '30' Module(s) have been scanned Scan process 'svchost.exe' - '162' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'svchost.exe' - '49' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '27' Module(s) have been scanned Scan process 'lsass.exe' - '59' Module(s) have been scanned Scan process 'services.exe' - '27' Module(s) have been scanned Scan process 'winlogon.exe' - '66' Module(s) have been scanned Scan process 'csrss.exe' - '12' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting to scan executable files (registry): The registry was scanned ( '3201' files ). Starting the file scan: Begin scan in 'C:\' C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp01aad4e2.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp04ca62e8.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp0626cbf6.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp0c7638a8.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp2175a78e.exe [DETECTION] Is the TR/Crypt.ZPACK.52849 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp24890b84.exe [DETECTION] Is the TR/Crypt.ZPACK.52849 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp29528b21.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp2f11109b.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp34d5b52d.exe [DETECTION] Is the TR/Crypt.ZPACK.52849 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp3de7f5af.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp3f2bec5c.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp4338935e.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp4d00f223.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp5576d241.exe [DETECTION] Is the TR/Crypt.ZPACK.52849 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp56dfe748.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp5dec990d.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp650044ea.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp6da105a9.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp73b8cbc0.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp775d851a.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp7b81c561.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpaf0ad34d.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpbb134a74.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpccd1697f.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpcefdcd81.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpd261b622.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpf06e9544.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan C:\Documents and Settings\Tadek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KD27GI6X\security[1].php [DETECTION] Is the TR/Crypt.Xpack.58292 Trojan Begin scan in 'F:\' Beginning disinfection: C:\Documents and Settings\Tadek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KD27GI6X\security[1].php [DETECTION] Is the TR/Crypt.Xpack.58292 Trojan [NOTE] The file was moved to the quarantine directory under the name '54da4f0c.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpf06e9544.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '4c5e6053.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpd261b622.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '1e013abb.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpcefdcd81.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '78367579.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpccd1697f.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '3db25847.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpbb134a74.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '42a96a26.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmpaf0ad34d.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '0e11466c.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp7b81c561.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '7209063c.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp775d851a.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '5f532971.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp73b8cbc0.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '463b12eb.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp6da105a9.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '2a673edb.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp650044ea.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '5bde074e.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp5dec990d.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '55c4378e.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp56dfe748.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '10ed4ecc.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp5576d241.exe [DETECTION] Is the TR/Crypt.ZPACK.52849 Trojan [NOTE] The file was moved to the quarantine directory under the name '19e64a67.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp4d00f223.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '41a7530e.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp4338935e.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '6d532ac2.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp3f2bec5c.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '53ad4a18.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp3de7f5af.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '30a3616a.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp34d5b52d.exe [DETECTION] Is the TR/Crypt.ZPACK.52849 Trojan [NOTE] The file was moved to the quarantine directory under the name '166b2177.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp2f11109b.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '24ff5ad2.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp29528b21.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '2eba71ac.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp24890b84.exe [DETECTION] Is the TR/Crypt.ZPACK.52849 Trojan [NOTE] The file was moved to the quarantine directory under the name '11e915e9.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp2175a78e.exe [DETECTION] Is the TR/Crypt.ZPACK.52849 Trojan [NOTE] The file was moved to the quarantine directory under the name '6fc519ce.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp0c7638a8.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '3abd1d05.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp0626cbf6.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '372b6c2d.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp04ca62e8.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '2b767824.qua'! C:\Documents and Settings\Tadek\Ustawienia lokalne\Temp\tmp01aad4e2.exe [DETECTION] Is the TR/Crypt.Xpack.58297 Trojan [NOTE] The file was moved to the quarantine directory under the name '1aa535ea.qua'! End of the scan: 25 lutego 2014 20:12 Used time: 35:10 Minute(s) The scan has been done completely. 4470 Scanned directories 247706 Files were scanned 28 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 28 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 247678 Files not concerned 1634 Archives were scanned 0 Warnings 28 Notes 298201 Objects were scanned with rootkit scan 0 Hidden objects were found