Avira Free Antivirus
Report file date: 8 stycznia 2014 16:47

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : M-HP

Version information:
BUILD.DAT : 14.0.2.286 55547 Bytes 2013-12-09 11:37:00
AVSCAN.EXE : 14.0.2.254 1032760 Bytes 2013-12-18 08:46:13
AVSCANRC.DLL : 14.0.2.180 52280 Bytes 2013-12-18 08:46:13
LUKE.DLL : 14.0.2.234 65592 Bytes 2013-12-18 08:46:23
AVSCPLR.DLL : 14.0.2.254 124472 Bytes 2013-12-18 08:46:13
AVREG.DLL : 14.0.2.212 250424 Bytes 2013-12-18 08:46:12
avlode.dll : 14.0.2.254 540216 Bytes 2013-12-18 08:46:12
avlode.rdf : 13.0.1.62 56973 Bytes 2013-12-12 18:04:06
VBASE000.VDF : 7.11.70.0 66736640 Bytes 2013-04-04 21:10:25
VBASE001.VDF : 7.11.74.226 2201600 Bytes 2013-04-30 11:57:04
VBASE002.VDF : 7.11.80.60 2751488 Bytes 2013-05-28 18:18:33
VBASE003.VDF : 7.11.85.214 2162688 Bytes 2013-06-21 14:28:22
VBASE004.VDF : 7.11.91.176 3903488 Bytes 2013-07-23 13:32:05
VBASE005.VDF : 7.11.98.186 6822912 Bytes 2013-08-29 17:47:26
VBASE006.VDF : 7.11.103.230 2293248 Bytes 2013-09-24 13:29:00
VBASE007.VDF : 7.11.116.38 5485568 Bytes 2013-11-28 23:52:15
VBASE008.VDF : 7.11.120.140 1154560 Bytes 2013-12-19 19:34:39
VBASE009.VDF : 7.11.120.141 2048 Bytes 2013-12-19 19:34:39
VBASE010.VDF : 7.11.120.142 2048 Bytes 2013-12-19 19:34:39
VBASE011.VDF : 7.11.120.143 2048 Bytes 2013-12-19 19:34:40
VBASE012.VDF : 7.11.120.144 2048 Bytes 2013-12-19 19:34:40
VBASE013.VDF : 7.11.120.145 2048 Bytes 2013-12-19 19:34:40
VBASE014.VDF : 7.11.121.19 126976 Bytes 2013-12-21 09:28:03
VBASE015.VDF : 7.11.121.147 122880 Bytes 2013-12-24 18:50:38
VBASE016.VDF : 7.11.121.233 115712 Bytes 2013-12-25 18:50:41
VBASE017.VDF : 7.11.122.57 325120 Bytes 2013-12-27 18:50:49
VBASE018.VDF : 7.11.122.123 199680 Bytes 2013-12-28 12:19:12
VBASE019.VDF : 7.11.122.219 368640 Bytes 2014-01-01 18:20:50
VBASE020.VDF : 7.11.123.39 182272 Bytes 2014-01-03 12:55:28
VBASE021.VDF : 7.11.123.141 124416 Bytes 2014-01-05 23:21:44
VBASE022.VDF : 7.11.124.11 172032 Bytes 2014-01-08 10:31:08
VBASE023.VDF : 7.11.124.12 2048 Bytes 2014-01-08 10:31:09
VBASE024.VDF : 7.11.124.13 2048 Bytes 2014-01-08 10:31:14
VBASE025.VDF : 7.11.124.14 2048 Bytes 2014-01-08 10:31:14
VBASE026.VDF : 7.11.124.15 2048 Bytes 2014-01-08 10:31:14
VBASE027.VDF : 7.11.124.16 2048 Bytes 2014-01-08 10:31:14
VBASE028.VDF : 7.11.124.17 2048 Bytes 2014-01-08 10:31:14
VBASE029.VDF : 7.11.124.18 2048 Bytes 2014-01-08 10:31:14
VBASE030.VDF : 7.11.124.19 2048 Bytes 2014-01-08 10:31:14
VBASE031.VDF : 7.11.124.22 105984 Bytes 2014-01-08 10:31:15
Engine version : 8.2.12.166
AEVDF.DLL : 8.1.3.4 102774 Bytes 2013-06-14 18:47:54
AESCRIPT.DLL : 8.1.4.176 520574 Bytes 2013-12-19 19:34:45
AESCN.DLL : 8.1.10.6 131447 Bytes 2013-12-12 18:04:06
AESBX.DLL : 8.2.16.26 1245560 Bytes 2013-08-23 15:16:06
AERDL.DLL : 8.2.0.138 704888 Bytes 2013-12-03 19:10:49
AEPACK.DLL : 8.3.3.8 762232 Bytes 2013-12-19 19:34:45
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 2013-08-21 14:02:42
AEHEUR.DLL : 8.1.4.830 6386042 Bytes 2013-12-19 19:34:44
AEHELP.DLL : 8.1.27.10 266618 Bytes 2013-11-22 15:41:19
AEGEN.DLL : 8.1.7.20 446839 Bytes 2013-11-14 21:58:06
AEEXP.DLL : 8.4.1.138 418168 Bytes 2013-12-13 10:11:13
AEEMU.DLL : 8.1.3.2 393587 Bytes 2012-09-19 13:42:55
AECORE.DLL : 8.1.33.0 225657 Bytes 2013-12-12 18:04:03
AEBB.DLL : 8.1.1.4 53619 Bytes 2012-11-05 14:00:38
AVWINLL.DLL : 14.0.2.180 23608 Bytes 2013-12-18 08:45:58
AVPREF.DLL : 14.0.2.180 48696 Bytes 2013-12-18 08:46:12
AVREP.DLL : 14.0.2.180 175672 Bytes 2013-12-18 08:46:12
AVARKT.DLL : 14.0.2.254 256056 Bytes 2013-12-18 08:46:00
AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 2013-12-18 08:46:04
SQLITE3.DLL : 3.7.0.1 397088 Bytes 2012-09-19 17:17:40
AVSMTP.DLL : 14.0.2.180 60472 Bytes 2013-12-18 08:46:13
NETNT.DLL : 14.0.2.180 13368 Bytes 2013-12-18 08:46:23
RCIMAGE.DLL : 14.0.2.180 4788792 Bytes 2013-12-18 08:45:58
RCTEXT.DLL : 14.0.2.236 72760 Bytes 2013-12-18 08:45:58

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_52cd54cf\guard_slideup.avp
Reporting...........................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 8 stycznia 2014 16:47

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'HPFSService.exe' - '25' Module(s) have been scanned
Scan process 'HpFkCrypt.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '101' Module(s) have been scanned
Scan process 'svchost.exe' - '120' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'STacSV64.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'Hpservice.exe' - '28' Module(s) have been scanned
Scan process 'atieclxx.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '72' Module(s) have been scanned
Scan process 'WLANExt.exe' - '34' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '17' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '81' Module(s) have been scanned
Scan process 'spoolsv.exe' - '104' Module(s) have been scanned
Scan process 'ac.sharedstore.exe' - '40' Module(s) have been scanned
Scan process 'acevents.exe' - '58' Module(s) have been scanned
Scan process 'DpHostW.exe' - '117' Module(s) have been scanned
Scan process 'sched.exe' - '59' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'AESTSr64.exe' - '8' Module(s) have been scanned
Scan process 'agr64svc.exe' - '15' Module(s) have been scanned
Scan process 'avguard.exe' - '108' Module(s) have been scanned
Scan process 'btwdins.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'HPDayStarterService.exe' - '32' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '23' Module(s) have been scanned
Scan process 'HpHotkeyMonitor.exe' - '56' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '29' Module(s) have been scanned
Scan process 'LMS.exe' - '33' Module(s) have been scanned
Scan process 'sqlservr.exe' - '65' Module(s) have been scanned
Scan process 'pdfsvc.exe' - '47' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '54' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '28' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '75' Module(s) have been scanned
Scan process 'unsecapp.exe' - '27' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '37' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '40' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'SbHpAuthenticatorService.exe' - '37' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'taskhost.exe' - '81' Module(s) have been scanned
Scan process 'DPAgent.exe' - '87' Module(s) have been scanned
Scan process 'Dwm.exe' - '41' Module(s) have been scanned
Scan process 'Explorer.EXE' - '197' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '50' Module(s) have been scanned
Scan process 'HPPA_Main.exe' - '99' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '56' Module(s) have been scanned
Scan process 'acevents.exe' - '63' Module(s) have been scanned
Scan process 'accrdsub.exe' - '70' Module(s) have been scanned
Scan process 'sttray64.exe' - '44' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '81' Module(s) have been scanned
Scan process 'sidebar.exe' - '84' Module(s) have been scanned
Scan process 'HPAdvisorDock.exe' - '74' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '41' Module(s) have been scanned
Scan process 'SmileboxTray.exe' - '95' Module(s) have been scanned
Scan process 'BTTray.exe' - '63' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '31' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '88' Module(s) have been scanned
Scan process 'coreshredder.exe' - '42' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '30' Module(s) have been scanned
Scan process 'QLBController.exe' - '110' Module(s) have been scanned
Scan process 'NokiaInternetModem_AppStart.exe' - '80' Module(s) have been scanned
Scan process 'avgnt.exe' - '101' Module(s) have been scanned
Scan process 'jusched.exe' - '35' Module(s) have been scanned
Scan process 'BtStackServer.exe' - '97' Module(s) have been scanned
Scan process 'DPAgent.exe' - '20' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '55' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '126' Module(s) have been scanned
Scan process 'winlogon.exe' - '49' Module(s) have been scanned
Scan process 'conhost.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'BluetoothHeadsetProxy.exe' - '33' Module(s) have been scanned
Scan process 'PrivacyIconClient.exe' - '55' Module(s) have been scanned
Scan process 'DllHost.exe' - '45' Module(s) have been scanned
Scan process 'UNS.exe' - '61' Module(s) have been scanned
Scan process 'HPPA_Service.exe' - '72' Module(s) have been scanned
Scan process 'hpsa_service.exe' - '56' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '51' Module(s) have been scanned
Scan process 'HPWA_Service.exe' - '72' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '35' Module(s) have been scanned
Scan process 'HPWA_Main.exe' - '96' Module(s) have been scanned
Scan process 'HPAdvisor.exe' - '99' Module(s) have been scanned
Scan process 'avcenter.exe' - '112' Module(s) have been scanned
Scan process 'avscan.exe' - '126' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '100' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '141' Module(s) have been scanned
Scan process 'FlashUtil64_11_9_900_170_ActiveX.exe' - '67' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '133' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '115' Module(s) have been scanned
Scan process 'taskmgr.exe' - '63' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '29' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
Scan process 'avscan.exe' - '111' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '72' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned

Initiating scan of system files:
Signed -> 'C:\windows\system32\svchost.exe'
Signed -> 'C:\windows\system32\winlogon.exe'
Signed -> 'C:\windows\explorer.exe'
Signed -> 'C:\windows\system32\smss.exe'
Signed -> 'C:\windows\system32\wininet.DLL'
Signed -> 'C:\windows\system32\wsock32.DLL'
Signed -> 'C:\windows\system32\ws2_32.DLL'
Signed -> 'C:\windows\system32\services.exe'
Signed -> 'C:\windows\system32\lsass.exe'
Signed -> 'C:\windows\system32\csrss.exe'
Signed -> 'C:\windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\windows\system32\spoolsv.exe'
Signed -> 'C:\windows\system32\alg.exe'
Signed -> 'C:\windows\system32\wuauclt.exe'
Signed -> 'C:\windows\system32\advapi32.DLL'
Signed -> 'C:\windows\system32\user32.DLL'
Signed -> 'C:\windows\system32\gdi32.DLL'
Signed -> 'C:\windows\system32\kernel32.DLL'
Signed -> 'C:\windows\system32\ntdll.DLL'
Signed -> 'C:\windows\system32\ntoskrnl.exe'
Signed -> 'C:\windows\system32\drivers\beep.sys'
Signed -> 'C:\windows\system32\ctfmon.exe'
Signed -> 'C:\windows\system32\imm32.dll'
Signed -> 'C:\windows\system32\dsound.dll'
Signed -> 'C:\windows\system32\aclui.dll'
Signed -> 'C:\windows\system32\msvcrt.dll'
Signed -> 'C:\windows\system32\d3d9.dll'
Signed -> 'C:\windows\system32\dnsapi.dll'
Signed -> 'C:\windows\system32\mshtml.dll'
Signed -> 'C:\windows\system32\regsvr32.exe'
Signed -> 'C:\windows\system32\rundll32.exe'
Signed -> 'C:\windows\system32\userinit.exe'
Signed -> 'C:\windows\system32\reg.exe'
Signed -> 'C:\windows\regedit.exe'
The system files were scanned ('34' files)

Starting the file scan:
Begin scan in 'C:\Users\M\AppData\Local\Temp\_MEI51002\bin\csrss.exe'
C:\Users\M\AppData\Local\Temp\_MEI51002\bin\csrss.exe
[DETECTION] Contains recognition pattern of the APPL/BitCoinMiner.CX application
[NOTE] A backup was created as '5a28e087.qua' ( QUARANTINE )
[NOTE] The file was moved to the quarantine directory under the name '42bfcecd.qua'!

End of the scan: 8 stycznia 2014 16:48
Used time: 00:24 Minute(s)

The scan has been done completely.

0 Scanned directories
1152 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1151 Files not concerned
21 Archives were scanned
0 Warnings
1 Notes