Problems with destkoplayer.exe


  • This topic is locked
20 replies to this topic

#1 primoz98


Posted 23 September 2013 - 08:17 AM

Hello... I have a problem with Destkoplayer.exe. Avast keeps warning me I have a virus...

Probably that virus deleted most of my files, games, other stuff from my PC.

Can someone help me? Thanks!

 

 

~with respect Primoz




#2 TB-Psychotic

  • Malware Response Team

Posted 23 September 2013 - 08:20 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:

  • DDS.txt: save to your desktop then post its contents in your topic
  • Attach.txt: save to your desktop then attach it to your next reply

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 

#3 primoz98


Posted 23 September 2013 - 08:39 AM

Thanks for the fast reply :)
Here is dds.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by HOME at 15:23:38 on 2013-09-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1060.18.4078.1655 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\SysWOW64\WinService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
J:\Programi\xFire\Xfire.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
J:\Programi\xFire\xfire64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
J:\Igre\Rockstar Games Social Club\1_0_0_0\RGSC.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
J:\Programi\xFire\xfire64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Opera\16.0.1196.73\opera.exe
C:\Program Files (x86)\Opera\16.0.1196.73\opera_crashreporter.exe
C:\Program Files (x86)\Opera\16.0.1196.73\opera.exe
C:\Program Files (x86)\Opera\16.0.1196.73\opera.exe
C:\Program Files (x86)\Opera\16.0.1196.73\opera.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Opera\launcher.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Opera\16.0.1196.73\opera.exe
C:\Program Files (x86)\Opera\16.0.1196.73\opera.exe
C:\Program Files (x86)\Opera\16.0.1196.73\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.aldi.com
uProxyOverride = localhost;127.0.0.1;<local>
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,j:\igre\league of legends-kopija\rads\projects\lol_launcher\releases\0.0.0.185\deploy\lollaunchersrv.exe,j:\igre\league of legends-kopija\rads\system\rads_user_kernelsrv.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {B0EE3F28-F354-4D14-B8A5-E9D36D7B6CCC} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: smartdownloader Class: {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\SockshareDownloader\smarterdownloader.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - 
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\HOME\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "J:\Programi\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Easy-Hide-IP] J:\Programi\Hide ip\Easy-Hide-IP\easy-hide-ip.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RGSC] J:\Igre\Rockstar Games Social Club\RGSCLauncher.exe /silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [autorec] C:\AutoMacroRecorder\auto.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [4StoryPrePatch] J:\Igre\4 story client\4StoryUS\PrePatch.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\HOME\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IZREZO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\HOME\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
StartupFolder: C:\Users\HOME\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - J:\Programi\xFire\Xfire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: blank
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: security_WinAutomation.Console.exe
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 213.161.0.10 213.161.0.20
TCP: Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}\84F4D454D20534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}\84F4D454D20534F5E4564777F627B6F513 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{647C1B0A-3C07-47C1-A41B-3739243110A8} : DHCPNameServer = 213.161.0.10 213.161.0.20
TCP: Interfaces\{D4E6061F-C1C1-4706-A0F9-6E392CDE299D} : DHCPNameServer = 213.161.0.10 213.161.0.20
TCP: Interfaces\{F7CA7B18-C8E1-477E-BBF8-65F72EC2BE15} : DHCPNameServer = 213.161.0.10 213.161.0.20
TCP: Interfaces\{F7CA7B18-C8E1-477E-BBF8-65F72EC2BE15}\75869647560556E6765796E6 : DHCPNameServer = 213.161.0.10 213.161.0.20
TCP: Interfaces\{F7CA7B18-C8E1-477E-BBF8-65F72EC2BE15}\75869647560556E6765796E6D27657563747 : DHCPNameServer = 213.161.0.10 213.161.0.20
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\23765~1.24\{16cdf~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-6 65336]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-8-22 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-8-22 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-8-1 31544]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-4-16 25312]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-9-6 22600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-9-6 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-9-6 377920]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-8-1 147768]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-8-22 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-8-22 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-6 283200]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-9-6 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-6 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-6 45248]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-11 13592]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-14 418376]
R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2013-4-16 180224]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-13 4308320]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-11 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE1200w764.sys [2011-3-29 1254464]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-14 25928]
S2 avgfws;AVG Firewall;"C:\Program Files (x86)\AVG\AVG2014\avgfws.exe" --> C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" --> C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [?]
S2 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [?]
S2 BBSvc;BingBar Service;"C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe" --> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-14 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;"C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\HOME\AppData\Roaming\Yontoo\YontooDesktop.exe" --> C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-5-1 36328]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-9-6 178624]
S3 BBUpdate;BBUpdate;"C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe" --> C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-2-5 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-2-5 9096]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2013-4-23 15896]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2013-4-23 327576]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-8-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-11 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-11 533096]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2013-4-16 340992]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2011-7-18 694376]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-5-1 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-5-1 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-5-1 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-5-1 146920]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-11 30208]
S3 WatAdminSvc;Storitev tehnologije za aktiviranje sistema Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-12 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2010-9-23 129008]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-09-22 14:21:19 -------- d-----w- C:\Users\HOME\AppData\Local\Opera Software
2013-09-22 14:21:18 -------- d-----w- C:\Users\HOME\AppData\Roaming\Opera Software
2013-09-21 08:42:10 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-09-19 12:32:13 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2013-09-19 12:32:13 3900928 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2013-09-19 12:32:13 3566592 ----a-w- C:\Windows\System32\bcmihvui64.dll
2013-09-19 12:32:13 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-09-19 12:31:45 68224 ----a-r- C:\Windows\SysWow64\WanPacket.dll
2013-09-19 12:31:45 53299 ----a-r- C:\Windows\SysWow64\pthreadVC.dll
2013-09-19 12:31:45 40464 ----a-r- C:\Windows\System32\drivers\npf.sys
2013-09-19 12:31:45 240248 ----a-r- C:\Windows\SysWow64\wpcap.dll
2013-09-19 05:10:08 -------- d-----w- C:\ProgramData\Canneverbe Limited
2013-09-19 05:09:31 -------- d-----w- C:\Users\HOME\AppData\Roaming\Canneverbe Limited
2013-09-18 19:10:21 -------- d-----w- C:\Users\HOME\Doctor Web
2013-09-14 15:46:00 -------- d-----w- C:\Users\HOME\.android
2013-09-14 08:05:17 595968 ----a-w- C:\Windows\System32\Rtlihvs.dll
2013-09-14 08:05:02 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2013-09-14 07:56:15 -------- d-----w- C:\Medion
2013-09-12 16:49:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-12 16:11:13 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-12 15:44:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-12 15:44:25 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-06 14:14:39 449024 ----a-w- C:\Windows\System32\mss32.dll
2013-09-06 13:56:41 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-09-06 13:56:04 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-06 13:18:43 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-09-06 13:18:42 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-09-06 13:18:42 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-09-06 13:18:41 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-09-06 13:18:41 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-09-06 13:18:36 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-06 13:16:22 41664 ----a-w- C:\Windows\avastSS.scr
2013-09-05 13:31:43 -------- d-----w- C:\Users\HOME\AppData\Roaming\AVG2014
2013-09-05 13:28:30 -------- d--h--w- C:\$AVG
2013-09-05 13:28:30 -------- d-----w- C:\ProgramData\AVG2014
2013-09-05 13:27:50 -------- d-----w- C:\Program Files (x86)\AVG
2013-09-05 13:26:48 -------- d-----w- C:\Users\HOME\AppData\Local\Avg2014
2013-09-05 13:19:47 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-09-04 16:59:52 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB675F45-EDC8-4DAA-8632-C044E7A8DBA2}\offreg.dll
2013-09-03 16:27:48 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB675F45-EDC8-4DAA-8632-C044E7A8DBA2}\mpengine.dll
2013-09-02 21:12:19 278528 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trzCFAC.tmp
2013-09-02 21:12:19 278528 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trzCF8C.tmp
2013-09-02 21:12:19 278528 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trzCF5C.tmp
2013-09-02 21:12:19 278528 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trzCF3C.tmp
2013-09-02 21:12:19 278528 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trzCEFC.tmp
2013-09-02 21:12:19 278528 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trzCECD.tmp
2013-09-02 21:12:19 278528 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\trzCE7E.tmp
2013-08-28 12:54:54 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2013-08-28 12:22:08 449024 ----a-w- C:\Windows\SysWow64\mss32.dll
2013-08-24 19:21:47 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
==================== Find3M  ====================
.
2013-09-20 13:48:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 13:48:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-06 13:55:38 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-08-22 21:25:44 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-08-22 21:08:14 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-08-22 20:55:04 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-22 20:54:54 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-08-20 20:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-08-15 09:26:15 2103040 ----a-w- C:\Windows\System32\WavesGUILib64.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 14:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-08-01 14:06:28 147768 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-08-01 14:04:56 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-03 17:47:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 17:47:00 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-03 17:47:00 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-27 14:44:50 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-27 14:44:50 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-27 14:18:33 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH: 15:27:42,37 ===============

 

I have a question: how do I add the other things?



#4 primoz98

primoz98
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 23 September 2013 - 08:41 AM

Here are the ark.log (from GMER) and attach.txt.

:)




#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:06 PM

Posted 23 September 2013 - 09:08 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#6 primoz98

primoz98
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:06 PM

Posted 23 September 2013 - 11:08 AM

ComboFix 13-09-23.02 - HOME 23.09.2013  17:51:04.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1060.18.4078.2366 [GMT 2:00]
Running from: c:\users\HOME\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TheBflix
c:\programdata\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\data\content.js
c:\programdata\TheBflix\data\jsondb.js
c:\programdata\TheBflix\settings.ini
c:\programdata\TheBflix\trz5656.tmp
c:\programdata\TheBflix\uninstall.exe
c:\users\HOME\AppData\Local\assembly\tmp
c:\users\HOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6C83F650-F405-42EE-9CD7-78C28057A48B}.xps
c:\users\HOME\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A3D44354-1214-4BC1-B605-EC119F454886}.xps
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\Temp
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-23 to 2013-09-23  )))))))))))))))))))))))))))))))
.
.
2013-09-23 16:02 . 2013-09-23 16:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-23 16:02 . 2013-09-23 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-22 14:21 . 2013-09-22 14:21 -------- d-----w- c:\users\HOME\AppData\Local\Opera Software
2013-09-22 14:21 . 2013-09-22 14:21 -------- d-----w- c:\users\HOME\AppData\Roaming\Opera Software
2013-09-22 14:21 . 2013-09-22 15:03 -------- d-----w- c:\program files (x86)\Opera
2013-09-21 08:42 . 2013-09-23 12:43 -------- d-----w- c:\program files (x86)\Microsoft
2013-09-19 12:32 . 2011-03-29 00:15 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2013-09-19 12:32 . 2011-03-29 00:11 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2013-09-19 12:32 . 2011-03-29 00:11 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-09-19 12:32 . 2010-06-09 19:11 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-09-19 12:31 . 2007-11-05 12:23 40464 ----a-r- c:\windows\system32\drivers\npf.sys
2013-09-19 05:10 . 2013-09-19 05:10 -------- d-----w- c:\programdata\Canneverbe Limited
2013-09-19 05:09 . 2013-09-19 05:09 -------- d-----w- c:\users\HOME\AppData\Roaming\Canneverbe Limited
2013-09-18 19:10 . 2013-09-18 19:39 -------- d-----w- c:\users\HOME\Doctor Web
2013-09-14 15:46 . 2013-09-14 15:51 -------- d-----w- c:\users\HOME\.android
2013-09-14 08:05 . 2011-07-06 21:31 595968 ----a-w- c:\windows\system32\Rtlihvs.dll
2013-09-14 08:05 . 2010-12-01 07:31 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2013-09-14 07:56 . 2013-09-14 07:56 -------- d-----w- C:\Medion
2013-09-12 16:49 . 2013-08-10 05:20 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-12 16:11 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-12 15:44 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-12 15:44 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-12 15:44 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-12 15:44 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-06 14:14 . 2012-08-30 11:31 449024 ----a-w- c:\windows\system32\mss32.dll
2013-09-06 13:56 . 2013-09-06 13:55 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-06 13:56 . 2013-09-06 13:55 310688 ----a-w- c:\windows\system32\javaws.exe
2013-09-06 13:56 . 2013-09-06 13:55 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-09-06 13:56 . 2013-09-06 13:55 188832 ----a-w- c:\windows\system32\javaw.exe
2013-09-06 13:56 . 2013-09-06 13:55 188320 ----a-w- c:\windows\system32\java.exe
2013-09-06 13:18 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-06 13:18 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-06 13:18 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-06 13:18 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-06 13:18 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-06 13:18 . 2013-03-06 22:33 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-09-06 13:18 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-06 13:18 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-06 13:18 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-06 13:16 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-09-05 13:31 . 2013-09-05 13:31 -------- d-----w- c:\users\HOME\AppData\Roaming\AVG2014
2013-09-05 13:28 . 2013-09-05 13:29 -------- d-----w- c:\programdata\AVG2014
2013-09-05 13:28 . 2013-09-05 13:28 -------- d-----w- C:\$AVG
2013-09-05 13:27 . 2013-09-05 13:27 -------- d-----w- c:\program files (x86)\AVG
2013-09-05 13:26 . 2013-09-05 13:33 -------- d-----w- c:\users\HOME\AppData\Local\Avg2014
2013-09-05 13:19 . 2013-09-05 13:19 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-09-04 16:59 . 2013-09-04 16:59 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB675F45-EDC8-4DAA-8632-C044E7A8DBA2}\offreg.dll
2013-09-03 16:27 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB675F45-EDC8-4DAA-8632-C044E7A8DBA2}\mpengine.dll
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCFAC.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCF8C.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCF5C.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCF3C.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCEFC.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCECD.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCE7E.tmp
2013-08-28 12:54 . 2013-08-28 12:54 -------- d-----w- c:\program files (x86)\Microsoft WSE
2013-08-28 12:22 . 2012-08-30 11:31 449024 ----a-w- c:\windows\SysWow64\mss32.dll
2013-08-24 19:21 . 2013-08-24 19:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 13:48 . 2012-04-16 05:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 13:48 . 2011-08-10 19:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 16:46 . 2011-07-18 20:31 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-06 13:55 . 2011-07-18 21:14 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-22 21:25 . 2013-08-22 21:25 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-08-22 21:08 . 2013-08-22 21:08 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-08-22 20:55 . 2013-08-22 20:55 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-22 20:54 . 2013-08-22 20:54 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-08-20 20:53 . 2013-08-20 20:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-15 09:26 . 2013-08-15 09:26 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll
2013-08-13 20:20 . 2012-10-09 07:56 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-08-13 20:18 . 2013-08-13 15:44 199616 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2013-08-13 15:03 . 2013-08-13 15:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-08-02 01:48 . 2013-09-12 16:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 14:07 . 2013-08-01 14:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 14:06 . 2013-08-01 14:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-08-01 14:04 . 2013-08-01 14:04 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-25 09:25 . 2013-08-23 12:19 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-23 12:19 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-23 12:19 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-23 12:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-23 12:20 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-23 12:19 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-23 12:20 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-23 12:20 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-23 12:20 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-23 12:19 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-23 12:20 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-23 12:20 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-23 12:20 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-23 12:19 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-23 12:15 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-03 17:47 . 2013-07-03 17:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 17:47 . 2012-05-22 18:57 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 17:47 . 2011-07-18 21:13 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-27 14:44 . 2013-02-23 11:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-27 14:44 . 2012-12-05 08:13 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-27 14:18 . 2012-12-05 08:04 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-15 17:30 244328 ----a-w- c:\program files (x86)\SockshareDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="j:\programi\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"RGSC"="j:\igre\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Izrezovalnik zaslona in zaganjalnik za OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
Logitech . Registracija izdelka.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe /remind /language=SLV /_WFM="." [2009-10-14 517384]
Xfire.lnk - j:\programi\xFire\Xfire.exe [2013-3-21 3560832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v2\WG111v2.exe [2013-4-16 1261568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,j:\igre\league of legends-kopija\rads\system\rads_user_kernelsrv.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
R1 logzfbtc;logzfbtc;c:\windows\system32\drivers\logzfbtc.sys;c:\windows\SYSNATIVE\drivers\logzfbtc.sys [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SCM_Service;SCM_Service;c:\windows\SysWOW64\WinService.exe;c:\windows\SysWOW64\WinService.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v2.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 uqk;uqk;j:\igre\Spirit Tales\STOnline\avital\wyqku64.sys;j:\igre\Spirit Tales\STOnline\avital\wyqku64.sys [x]
R3 WatAdminSvc;Storitev tehnologije za aktiviranje sistema Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wolf;wolf;j:\igre\Nova mapa (3)\Wolfteam\wolf64.sys;j:\igre\Nova mapa (3)\Wolfteam\wolf64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 X6va005;X6va005;c:\users\HOME\AppData\Local\Temp\00546E0.tmp;c:\users\HOME\AppData\Local\Temp\00546E0.tmp [x]
R3 X6va006;X6va006;c:\users\HOME\AppData\Local\Temp\0069E87.tmp;c:\users\HOME\AppData\Local\Temp\0069E87.tmp [x]
R3 X6va007;X6va007;c:\users\HOME\AppData\Local\Temp\0078DF2.tmp;c:\users\HOME\AppData\Local\Temp\0078DF2.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE1200w764.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-20 15:31 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 13:48]
.
2013-09-23 c:\windows\Tasks\Driver Booster Startup.job
- c:\program files (x86)\IObit\Driver Booster\DriverBooster.exe [2013-08-15 15:07]
.
2013-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494944550-1014539732-454808812-1002Core.job
- c:\users\HOME\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-17 20:39]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494944550-1014539732-454808812-1002UA.job
- c:\users\HOME\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-17 20:39]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03 16:56]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03 16:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: blank
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: security_WinAutomation.Console.exe
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 213.161.0.10 213.161.0.20
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B0EE3F28-F354-4D14-B8A5-E9D36D7B6CCC} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\HOME\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-Easy-Hide-IP - j:\programi\Hide ip\Easy-Hide-IP\easy-hide-ip.exe
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKLM-Run-autorec - c:\automacrorecorder\auto.exe
Wow6432Node-HKLM-Run-4StoryPrePatch - j:\igre\4 story client\4StoryUS\PrePatch.exe
Wow6432Node-HKLM-Run-AVG_UI - c:\program files (x86)\AVG\AVG2014\avgui.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-PokerStars.eu - j:\igre\Nova mapa\PokerStarsUninstall.exe
AddRemove-{18A28285-5D69-4562-ACC3-157E3455CA01}_is1 - j:\programi\XZONE REACTOR Application\unins000.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\programdata\TheBflix\uninstall.exe
AddRemove-{5E7A8F05-013C-44FD-B450-5434CA581098}_is1 - j:\igre\MicroVolts\MicroVolts\MicroVolts\unins000.exe
AddRemove-{67F5E390-8E09-4AE4-B7F2-705AFD23D86D} - c:\programdata\{C7B82A41-F62F-4F56-A5F0-CA61A54D8122}\WinAutomationSetup.exe
AddRemove-{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1 - j:\primož\Free Mouse Auto Clicker\unins000.exe
AddRemove-{888F1505-C2B3-4FDE-835D-36353EBD4754} - c:\program files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe
AddRemove-{918A9082-6287-4D25-9002-5E5D5E4971CB} - c:\program files (x86)\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
AddRemove-{BC8FFFE3-433B-4906-8608-279E64896468}_is1 - j:\primož\Audition\AuditionSEA\unins000.exe
AddRemove-CPPS Builder 0.1 - j:\primož\cp private serrver\Uninstal.exe
AddRemove-UnityWebPlayer - c:\users\HOME\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\HOME\AppData\Local\Temp\00546E0.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\HOME\AppData\Local\Temp\0069E87.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\HOME\AppData\Local\Temp\0078DF2.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-494944550-1014539732-454808812-1002\Software\SecuROM\License information*]
"datasecu"=hex:27,3f,e0,47,29,8f,1b,e5,1e,9b,8e,05,92,09,a4,c9,29,4d,fc,d3,d1,
   77,3f,2e,a1,4e,ae,02,2e,fb,41,ef,60,db,7e,c3,1a,28,a1,04,fc,04,d8,f9,65,15,\
"rkeysecu"=hex:09,19,df,e0,52,4d,54,87,84,7c,bc,b6,0c,ee,89,1e
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-23  18:06:54
ComboFix-quarantined-files.txt  2013-09-23 16:06
.
Pre-Run: 700.854.943.744 bytes free
Post-Run: 726.679.916.544 bytes free
.
- - End Of File - - 486CFFB175346B3C67FB82689F643B94
 

 

 

Sorry that you had to wait a long time... my electricity went off... By the way, I just remembered my PC lagged when I had AVG turned on; now I have Avast.



#7 TB-Psychotic

Posted 23 September 2013 - 02:05 PM

ComboFix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 


Proud Member of UNITE & TB

#8 primoz98

Posted 24 September 2013 - 10:45 AM

ComboFix 13-09-24.02 - HOME 24.09.2013  17:20:13.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1060.18.4078.2193 [GMT 2:00]
Running from: c:\users\HOME\Downloads\ComboFix.exe
Command switches used :: c:\users\HOME\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Internet Explorer\Plugins\trzCE7E.tmp"
"c:\program files (x86)\Internet Explorer\Plugins\trzCECD.tmp"
"c:\program files (x86)\Internet Explorer\Plugins\trzCEFC.tmp"
"c:\program files (x86)\Internet Explorer\Plugins\trzCF3C.tmp"
"c:\program files (x86)\Internet Explorer\Plugins\trzCF5C.tmp"
"c:\program files (x86)\Internet Explorer\Plugins\trzCF8C.tmp"
"c:\program files (x86)\Internet Explorer\Plugins\trzCFAC.tmp"
"c:\windows\Tasks\Driver Booster Startup.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe
c:\program files (x86)\IObit\Driver Booster\Deployer.exe
c:\program files (x86)\IObit\Driver Booster\DriverBooster.exe
c:\program files (x86)\IObit\Driver Booster\DrvInstall\DpInstX32.exe
c:\program files (x86)\IObit\Driver Booster\DrvInstall\DpInstX64.exe
c:\program files (x86)\IObit\Driver Booster\DrvInstall\DrvInstall.exe
c:\program files (x86)\IObit\Driver Booster\LocalData\Config.ini
c:\program files (x86)\IObit\Driver Booster\LocalData\Ignore.ini
c:\program files (x86)\IObit\Driver Booster\Promote.exe
c:\program files (x86)\IObit\Driver Booster\Register.dll
c:\program files (x86)\IObit\Driver Booster\Scheduler.exe
c:\program files (x86)\IObit\Driver Booster\SQLite3.dll
c:\program files (x86)\IObit\Driver Booster\SysRest.dll
c:\program files (x86)\IObit\Driver Booster\TaskMgr.dll
c:\program files (x86)\IObit\Driver Booster\unins000.exe
c:\program files (x86)\IObit\Driver Booster\Update\Update.ini
c:\program files (x86)\uTorrentBar
c:\program files (x86)\uTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\ldrtbuTor.dll
c:\program files (x86)\uTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\prxtbuTor.dll
c:\program files (x86)\uTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\tbuTor.dll
c:\program files (x86)\uTorrentBar\toolbar.cfg
c:\program files (x86)\uTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentBar\uninstall.exe
c:\program files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Legacy_X6VA006
-------\Legacy_X6VA007
-------\Legacy_X6VA008
-------\Legacy_X6VA009
-------\Legacy_X6VA011
-------\Legacy_X6VA012
-------\Service_X6va005
-------\Service_X6va006
-------\Service_X6va007
-------\Service_X6va008
-------\Service_X6va009
-------\Service_X6va011
-------\Service_X6va012
-------\Service_Yontoo Desktop Updater
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-24 to 2013-09-24  )))))))))))))))))))))))))))))))
.
.
2013-09-24 15:32 . 2013-09-24 15:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-22 14:21 . 2013-09-22 14:21 -------- d-----w- c:\users\HOME\AppData\Local\Opera Software
2013-09-22 14:21 . 2013-09-22 14:21 -------- d-----w- c:\users\HOME\AppData\Roaming\Opera Software
2013-09-22 14:21 . 2013-09-22 15:03 -------- d-----w- c:\program files (x86)\Opera
2013-09-21 08:42 . 2013-09-23 12:43 -------- d-----w- c:\program files (x86)\Microsoft
2013-09-19 12:32 . 2011-03-29 00:15 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2013-09-19 12:32 . 2011-03-29 00:11 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2013-09-19 12:32 . 2011-03-29 00:11 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-09-19 12:32 . 2010-06-09 19:11 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-09-19 12:31 . 2007-11-05 12:23 40464 ----a-r- c:\windows\system32\drivers\npf.sys
2013-09-19 05:10 . 2013-09-19 05:10 -------- d-----w- c:\programdata\Canneverbe Limited
2013-09-19 05:09 . 2013-09-19 05:09 -------- d-----w- c:\users\HOME\AppData\Roaming\Canneverbe Limited
2013-09-18 19:10 . 2013-09-18 19:39 -------- d-----w- c:\users\HOME\Doctor Web
2013-09-14 15:46 . 2013-09-14 15:51 -------- d-----w- c:\users\HOME\.android
2013-09-14 08:05 . 2011-07-06 21:31 595968 ----a-w- c:\windows\system32\Rtlihvs.dll
2013-09-14 08:05 . 2010-12-01 07:31 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2013-09-14 07:56 . 2013-09-14 07:56 -------- d-----w- C:\Medion
2013-09-12 16:49 . 2013-08-10 05:20 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-12 16:11 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-12 15:44 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-12 15:44 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-12 15:44 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-12 15:44 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-06 14:14 . 2012-08-30 11:31 449024 ----a-w- c:\windows\system32\mss32.dll
2013-09-06 13:56 . 2013-09-06 13:55 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-06 13:56 . 2013-09-06 13:55 310688 ----a-w- c:\windows\system32\javaws.exe
2013-09-06 13:56 . 2013-09-06 13:55 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-09-06 13:56 . 2013-09-06 13:55 188832 ----a-w- c:\windows\system32\javaw.exe
2013-09-06 13:56 . 2013-09-06 13:55 188320 ----a-w- c:\windows\system32\java.exe
2013-09-06 13:18 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-06 13:18 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-06 13:18 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-06 13:18 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-06 13:18 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-06 13:18 . 2013-03-06 22:33 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-09-06 13:18 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-06 13:18 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-06 13:18 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-06 13:16 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-09-05 13:31 . 2013-09-05 13:31 -------- d-----w- c:\users\HOME\AppData\Roaming\AVG2014
2013-09-05 13:28 . 2013-09-05 13:29 -------- d-----w- c:\programdata\AVG2014
2013-09-05 13:28 . 2013-09-05 13:28 -------- d-----w- C:\$AVG
2013-09-05 13:27 . 2013-09-05 13:27 -------- d-----w- c:\program files (x86)\AVG
2013-09-05 13:26 . 2013-09-05 13:33 -------- d-----w- c:\users\HOME\AppData\Local\Avg2014
2013-09-05 13:19 . 2013-09-05 13:19 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-09-04 16:59 . 2013-09-04 16:59 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB675F45-EDC8-4DAA-8632-C044E7A8DBA2}\offreg.dll
2013-09-03 16:27 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB675F45-EDC8-4DAA-8632-C044E7A8DBA2}\mpengine.dll
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCFAC.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCF8C.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCF5C.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCF3C.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCEFC.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCECD.tmp
2013-09-02 21:12 . 2013-09-02 21:12 278528 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\trzCE7E.tmp
2013-08-28 12:54 . 2013-08-28 12:54 -------- d-----w- c:\program files (x86)\Microsoft WSE
2013-08-28 12:22 . 2012-08-30 11:31 449024 ----a-w- c:\windows\SysWow64\mss32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 13:48 . 2012-04-16 05:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 13:48 . 2011-08-10 19:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 16:46 . 2011-07-18 20:31 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-06 13:55 . 2011-07-18 21:14 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-24 19:21 . 2013-08-24 19:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-08-22 21:25 . 2013-08-22 21:25 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-08-22 21:08 . 2013-08-22 21:08 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-08-22 20:55 . 2013-08-22 20:55 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-22 20:54 . 2013-08-22 20:54 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-08-20 20:53 . 2013-08-20 20:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-15 09:26 . 2013-08-15 09:26 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll
2013-08-13 20:20 . 2012-10-09 07:56 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-08-13 20:18 . 2013-08-13 15:44 199616 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2013-08-13 15:03 . 2013-08-13 15:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-08-02 01:48 . 2013-09-12 16:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 14:07 . 2013-08-01 14:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 14:06 . 2013-08-01 14:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-08-01 14:04 . 2013-08-01 14:04 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-25 09:25 . 2013-08-23 12:19 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-23 12:19 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-23 12:19 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-23 12:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-23 12:20 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-23 12:19 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-23 12:20 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-23 12:20 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-23 12:20 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-23 12:19 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-23 12:20 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-23 12:20 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-23 12:20 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-23 12:19 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-23 12:15 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-03 17:47 . 2013-07-03 17:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 17:47 . 2012-05-22 18:57 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 17:47 . 2011-07-18 21:13 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-27 14:44 . 2013-02-23 11:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-27 14:44 . 2012-12-05 08:13 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-27 14:18 . 2012-12-05 08:04 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-15 17:30 244328 ----a-w- c:\program files (x86)\SockshareDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files (x86)\Yontoo\YontooIEClient.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="j:\programi\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"RGSC"="j:\igre\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Izrezovalnik zaslona in zaganjalnik za OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
Logitech . Registracija izdelka.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe /remind /language=SLV /_WFM="." [2009-10-14 517384]
Xfire.lnk - j:\programi\xFire\Xfire.exe [2013-3-21 3560832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v2\WG111v2.exe [2013-4-16 1261568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,j:\igre\league of legends-kopija\rads\system\rads_user_kernelsrv.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
R1 logzfbtc;logzfbtc;c:\windows\system32\drivers\logzfbtc.sys;c:\windows\SYSNATIVE\drivers\logzfbtc.sys [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v2.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 uqk;uqk;j:\igre\Spirit Tales\STOnline\avital\wyqku64.sys;j:\igre\Spirit Tales\STOnline\avital\wyqku64.sys [x]
R3 WatAdminSvc;Storitev tehnologije za aktiviranje sistema Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wolf;wolf;j:\igre\Nova mapa (3)\Wolfteam\wolf64.sys;j:\igre\Nova mapa (3)\Wolfteam\wolf64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 SCM_Service;SCM_Service;c:\windows\SysWOW64\WinService.exe;c:\windows\SysWOW64\WinService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE1200w764.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-20 15:31 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 13:48]
.
2013-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494944550-1014539732-454808812-1002Core.job
- c:\users\HOME\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-17 20:39]
.
2013-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494944550-1014539732-454808812-1002UA.job
- c:\users\HOME\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-17 20:39]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03 16:56]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-03 16:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: blank
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: security_WinAutomation.Console.exe
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 213.161.0.10 213.161.0.20
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B0EE3F28-F354-4D14-B8A5-E9D36D7B6CCC} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
AddRemove-Driver Booster_is1 - c:\program files (x86)\IObit\Driver Booster\unins000.exe
AddRemove-PokerStars.eu - j:\igre\Nova mapa\PokerStarsUninstall.exe
AddRemove-uTorrentBar Toolbar - c:\program files (x86)\uTorrentBar\uninstall.exe
AddRemove-{18A28285-5D69-4562-ACC3-157E3455CA01}_is1 - j:\programi\XZONE REACTOR Application\unins000.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\programdata\TheBflix\uninstall.exe
AddRemove-{5E7A8F05-013C-44FD-B450-5434CA581098}_is1 - j:\igre\MicroVolts\MicroVolts\MicroVolts\unins000.exe
AddRemove-{67F5E390-8E09-4AE4-B7F2-705AFD23D86D} - c:\programdata\{C7B82A41-F62F-4F56-A5F0-CA61A54D8122}\WinAutomationSetup.exe
AddRemove-{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1 - j:\primož\Free Mouse Auto Clicker\unins000.exe
AddRemove-{888F1505-C2B3-4FDE-835D-36353EBD4754} - c:\program files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe
AddRemove-{918A9082-6287-4D25-9002-5E5D5E4971CB} - c:\program files (x86)\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
AddRemove-{BC8FFFE3-433B-4906-8608-279E64896468}_is1 - j:\primož\Audition\AuditionSEA\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-494944550-1014539732-454808812-1002\Software\SecuROM\License information*]
"datasecu"=hex:27,3f,e0,47,29,8f,1b,e5,1e,9b,8e,05,92,09,a4,c9,29,4d,fc,d3,d1,
   77,3f,2e,a1,4e,ae,02,2e,fb,41,ef,60,db,7e,c3,1a,28,a1,04,fc,04,d8,f9,65,15,\
"rkeysecu"=hex:09,19,df,e0,52,4d,54,87,84,7c,bc,b6,0c,ee,89,1e
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-09-24  17:42:19 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-24 15:42
ComboFix2.txt  2013-09-23 16:06
.
Pre-Run: 726.280.896.512 bytes free
Post-Run: 726.890.029.056 bytes free
.
- - End Of File - - DB91FF52DEB5485E063EDF8195E2B925
 

My Avast blocked it 1 time after the PC restarted.

Now I will run Malwarebytes Antimalware.



#9 primoz98

Posted 24 September 2013 - 01:46 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Različica baze: v2013.09.24.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
HOME :: HOME-PC [skrbnik]
 
24.9.2013 17:47:23
mbam-log-2013-09-24 (17-47-23).txt
 
Tip pregleda: Polni pregled (C:\|D:\|J:\|)
Možnosti pregleda omogočene: Spomin | Zagon | Register | Datotečni sistem | Hevristika/Dodatno | Hevristika/Shuriken | PUP | PUM
Možnosti pregleda onemogočene: P2P
Preverjenih objektov: 1020954
Pretečen čas: 2 ur, 11 minut, 51 sekund
 
Odkritih spominskih procesov: 0
(Ni bilo najdenih zlonamernih objektov)
 
Odkritih spominskih modulov: 0
(Ni bilo najdenih zlonamernih objektov)
 
Odkritih ključev registra: 14
HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Nobena akcija se ni izvedla.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Nobena akcija se ni izvedla.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Nobena akcija se ni izvedla.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A5C374A-1366-4649-A4A2-5B44E1BF15BC} (PUP.Optional.Tarma.A) -> Nobena akcija se ni izvedla.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Poslano v karanteno in uspešno izbrisano.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Poslano v karanteno in uspešno izbrisano.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Poslano v karanteno in uspešno izbrisano.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Poslano v karanteno in uspešno izbrisano.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Poslano v karanteno in uspešno izbrisano.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Poslano v karanteno in uspešno izbrisano.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Poslano v karanteno in uspešno izbrisano.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Poslano v karanteno in uspešno izbrisano.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk (PUP.Optional.Gophoto.A) -> Poslano v karanteno in uspešno izbrisano.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0EE3F28-F354-4D14-B8A5-E9D36D7B6CCC} (PUP.BFlix) -> Poslano v karanteno in uspešno izbrisano.
 
Odkritih vrednosti registra: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Podatki: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Poslano v karanteno in uspešno izbrisano.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Podatki: 0A1O1GtGtCtH1F1M1S1Y1B -> Poslano v karanteno in uspešno izbrisano.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Podatki: 11111111 -> Poslano v karanteno in uspešno izbrisano.
 
Odkritih vnosov v register: 0
(Ni bilo najdenih zlonamernih objektov)
 
Odkritih map: 10
C:\Users\HOME\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Gophoto.it (PUP.Optional.Gophoto.A) -> Poslano v karanteno in uspešno izbrisano.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Poslano v karanteno in uspešno izbrisano.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Poslano v karanteno in uspešno izbrisano.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Poslano v karanteno in uspešno izbrisano.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Poslano v karanteno in uspešno izbrisano.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Poslano v karanteno in uspešno izbrisano.
C:\Users\HOME\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Poslano v karanteno in uspešno izbrisano.
C:\Users\HOME\AppData\Roaming\OpenCandy\0629B381765B4438B409683C775D3994 (PUP.Optional.OpenCandy) -> Poslano v karanteno in uspešno izbrisano.
C:\Users\HOME\AppData\Roaming\OpenCandy\7AED8507F27A4E998C09FFFD72AF1E8D (PUP.Optional.OpenCandy) -> Poslano v karanteno in uspešno izbrisano.
 
Odkritih datotek: 708
C:\ProgramData\InstallMate\{3A5C374A-1366-4649-A4A2-5B44E1BF15BC}\Setup.exe (PUP.Optional.Tarma.A) -> Nobena akcija se ni izvedla.
C:\ProgramData\InstallMate\{3A5C374A-1366-4649-A4A2-5B44E1BF15BC}\TsuDll.dll (PUP.Optional.Tarma.A) -> Nobena akcija se ni izvedla.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Nobena akcija se ni izvedla.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Nobena akcija se ni izvedla.
C:\Users\HOME\Downloads\Jitbit Macro Recorder  Pro (L.K) (1).exe (PUP.Optional.Installex) -> Nobena akcija se ni izvedla.
C:\Users\HOME\Downloads\Jitbit Macro Recorder  Pro (L.K).exe (PUP.Optional.Installex) -> Nobena akcija se ni izvedla.
C:\Users\HOME\Downloads\Jitbit_Macro_Recorder_PRO.exe (PUP.BundleInstaller.DW) -> Nobena akcija se ni izvedla.
C:\Users\HOME\Downloads\PenguinCGenerator2013.exe (PUP.Optional.Somoto) -> Nobena akcija se ni izvedla.
C:\Users\HOME\Downloads\WinsockPacketEditorWPEPro09a_downloader_by_FileCart(1).exe (PUP.Optional.Somoto) -> Nobena akcija se ni izvedla.
C:\Users\HOME\Downloads\WinsockPacketEditorWPEPro09a_downloader_by_FileCart.exe (PUP.Optional.Somoto) -> Nobena akcija se ni izvedla.
J:\Download\Google chrome\auto macro recorder setup.exe (PUP.AdBundle) -> Nobena akcija se ni izvedla.
J:\Download\Google chrome\CheatEngine62.exe (PUP.Optional.Somoto) -> Nobena akcija se ni izvedla.
J:\Download\Google chrome\DTLite4452-0287.exe (PUP.Optional.OpenCandy) -> Nobena akcija se ni izvedla.
J:\Download\Google chrome\Hell-Gate_KalOnline.rar.exe (PUP.BundleInstaller.DW) -> Nobena akcija se ni izvedla.
J:\Download\Google chrome\Jitbit_Macro_Recorder_PRO.exe (PUP.BundleInstaller.DW) -> Nobena akcija se ni izvedla.
J:\Download\Partis\Auto Hide IP 5.2.8.8 Incl Patch by XenoCoder\Auto Hide IP 5.2.8.8 Incl Patch by XenoCoder.rar (PUP.Riskware.Patcher) -> Nobena akcija se ni izvedla.
J:\Download\Partis\Auto Hide IP 5.2.8.8 Incl Patch by XenoCoder\Patch-XenoCoder\Patch.rar (PUP.Riskware.Patcher) -> Nobena akcija se ni izvedla.
J:\Download\Partis\recovery\Ontrack EasyRecovery Professional 10.0.2.3 + Patch\Ontrack.EasyRecovery.Professional.10.0.2.3.zip (PUP.RiskwareTool.CK) -> Nobena akcija se ni izvedla.
J:\Download\Partis\recovery\Ontrack EasyRecovery Professional 10.0.2.3 + Patch\Ontrack.EasyRecovery.Professional.10.0.2.3\Patch.exe (PUP.RiskwareTool.CK) -> Nobena akcija se ni izvedla.
C:\Config.Msi\trzBCE8.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz1B53.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz25DF.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz26DA.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz2758.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz27C6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz2872.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz295D.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz2A39.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\dell\drivers\R181739\Graphics\trz2B05.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Dev-Cpp\trz451C.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Dev-Cpp\trz5331.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Dev-Cpp\bin\trz41F0.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\trz151D.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\trz16C3.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\trz5516.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\trz55D2.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\trz5656.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\trz5685.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\trz56FB.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\hshield\trz183A.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\KAL x-treme\Libraries\trz1A01.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\NVIDIA\HDAudioWHQLDriver\1.00.00.59\International\trz81F1.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\NVIDIA\HDAudioWHQLDriver\1.00.00.59\International\HDAudio\trz80E6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\NVIDIA\HDAudioWHQLDriver\1.00.00.59\International\HDAudio\trz8163.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\NVIDIA\nForceHDAudio\1000042\trz83C8.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\NVIDIA\nForceHDAudio\1000042\trz8465.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\NVIDIA\nForceHDAudio\1000042\HDAudio\trz82CC.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\NVIDIA\nForceHDAudio\1000042\HDAudio\trz835A.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2546951\ServicePack\x64\setup\1033\windows\system32\ansi\trz2C3E.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\x64\setup\1033\windows\system32\ansi\trz4378.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{F1A60FEC-6CE9-48B8-B936-C799DF614AA0}\trz71EB.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files\WinRAR\Formats\trz9A46.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\7-Zip\trz9BED.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\7-Zip\trz9C8A.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\7-Zip\trz9D27.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\CamStudio 2.6b\trzC5B8.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\CamStudio 2.6b\trzC694.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\CamStudio 2.6b\trzC79E.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\trzCE14.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\trzD018.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\trzD0A6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\trzD0E5.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\trzD163.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\trzD1C2.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\trzD1F1.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\trzD2BD.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\trzD32B.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\trzD36B.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\trzD3C9.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\trzD409.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\trzD467.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\trzD4D6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\trzD5D0.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\trzD62F.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\trzD66E.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\trzD71B.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\trzD779.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\trzD7B9.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\trzD8A4.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\trzD8F3.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\trzD951.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\trzD9CF.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\trzDA1E.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\trzDA5E.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
C:\Program Files (x86)\Common Files\microsoft shared\Help\trzE4E9.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\trzC693.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\trzCB33.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\trzCBC1.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\trzCC9C.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\pb\trzD08B.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\pb\trzD0BB.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\pb\trzD0EB.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\pb\trzD0FC.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\pb\trzD13B.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\pb\dll\trzCF2D.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\pb\dll\trzCF6D.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\pb\dll\trzCFAC.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\CoD2\Call of Duty 2\Release\trzD16B.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\BlackNight Injector V.21.rar (Backdoor.Agent) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\wpepro09mod.zip (HackTool.Sniffer.WpePro) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\trz25F8.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\trz26B4.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\trz328A.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\trz32C9.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\trzD7F4.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\trzD814.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\trzD94D.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\trzD95E.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Google chrome\Hell-Gate KalOnline\hshield\trz283B.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\Audition\Call.of.Duty.Modern.Warfare.3-RELOADED\Call of Duty- Modern Warfare 3\trz3A97.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\Audition\CoD\trz5115.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\Auto Hide IP 5.2.8.8 Incl Patch by XenoCoder\Program za ogled nfo datotek\trz5403.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\GTA IV Patch 1.0.5.0 + Crack\Crack\trz5AC8.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\john deere\John Deere American Farmer Deluxe\trz60C3.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\john deere\John Deere American Farmer Deluxe\trz61DC.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\john deere\John Deere American Farmer Deluxe\Scripts\DLLs\trz7B47.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\chromium\trzA15F.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\chromium\trzA1BD.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\chromium\trzA2F6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\win32_release\trzA7D8.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\win32_release\trzA970.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\win32_release\trzAA6B.tmp (Malware.Gen) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\win32_release\trzAAD9.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\win32_release\trzAB57.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\win32_release\trzAC32.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\win32_release\trzAD0D.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Download\Partis\stronghold 3\Stronghold.3 - 3DM [Full DVD+Crack]\stronghold3\bin\win32_release\trzADE9.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin creed 3\Assassin's.Creed.IIII-Black.Box\Assassins Creed III\PB\trzB1E0.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin creed 3\Assassin's.Creed.IIII-Black.Box\Assassins Creed III\PB\trzB22F.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin creed 3\Assassin's.Creed.IIII-Black.Box\Assassins Creed III\Temp\DVD\trzB413.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\orbit\trzBC30.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\orbit\trzC1C0.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\orbit\orbit\trzBFAB.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\orbit\orbit\trzC0C5.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\PB\trzC436.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\PB\trzC446.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\PB\trzC522.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\PB\dll\trzC2BA.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Assassin Creed 3 revelation\Assassin's Creed Revelations full game 1.03 ^^nosTEAM^^\Assassin's Creed Revelations\PB\dll\trzC357.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal\Bango Kal UpdaterSrv.exe (Malware.Packer) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal\engineSrv.exe (Malware.Packer) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal - Kopija\Bango Kal UpdaterSrv.exe (Malware.Packer) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal - Kopija\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal - Kopija\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal - Kopija\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal - Kopija (2)\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal - Kopija (2)\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\BangoKal - Kopija (2)\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\trz7363.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\trz86D5.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\trzF9C4.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\CA\Combat Arms EU\trz1BBC.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\CA\Combat Arms EU\trz2454.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\CA\Combat Arms EU\trz2510.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\CA\Combat Arms EU\trz33F1.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\CA\Combat Arms EU\trz3D35.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\DIRT\CA\Combat Arms EU\trz4580.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\trz15B2.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\trz17C6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\trz17E6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\trz1845.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\trz1865.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz1F6E.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz203A.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz2106.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz2193.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz21F2.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz2250.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz2280.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz22BF.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz22EF.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz230F.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz2320.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz2340.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\trz239F.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\AI\trz1D58.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\AI\trz1DB6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\AI\trz1DE6.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 2\Empire Earth II\scriptlibs\AI\trz1DF7.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 3\trz45EF.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Empire Earth 3\trz465D.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\FIFA 12\Game\Core\libeay32.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\FIFA 12\Game\dlc\dlc_powdll\dlc\powdll\powdllzf.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\FIFA 13\Game\fifa13Srv.exe (Malware.Packer) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\FIFA 13\Game\Core\libeay32.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\FIFA 13\Game\Core\QtCore4.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\FIFA 13\Game\dlc\dlc_powdll\dlc\powdll\powdllzf.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Grand Chase\Grand Chase\BugTrap.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Grand Chase\Grand Chase\KncFirewall.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Grand Chase\Grand Chase\libcurl.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Grand Chase\Grand Chase\patch.tmp (VirTool.Vbcrypt) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Grand Theft Auto IV\trzE88D.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Hitman\Hitman Absolution\trz3113.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Hitman\Hitman Absolution\trz3C5B.tmp (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\Client.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\Colorizer.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\cskill.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\dbghelp_.dll (Malware.Gen) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\EHSvc.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\engine.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\ProtectC.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\Random.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\hshield\EGRNAPX2.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\KAL x-treme\Libraries\Random.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline\bot.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline\dsound.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline\KalOnline.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - Kopija - Kopija\bot.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - Kopija - Kopija\dbghelp.dll (Malware.Gen) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - Kopija - Kopija\dbghelp_.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - Kopija - Kopija\dsound.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - Kopija - Kopija\EHSvc.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - Kopija - Kopija\KalOnline.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - Kopija - Kopija\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - Kopija - Kopija\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original\dbghelp.dll (Malware.Gen) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original\dbghelp_.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original\KalOnline.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original\KalOnlineSrv.exe (Malware.Packer) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original\blabla\bot.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original - Kopija\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original - Kopija\KalOnline.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original - Kopija\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original - Kopija\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original - Kopija - Kopija\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original - Kopija - Kopija\KalOnline.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original - Kopija - Kopija\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\kalonline - original - Kopija - Kopija\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Splashy.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\AS kal\AS KAL\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\AS kal\AS KAL\KalOnline.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\AS kal\AS KAL\MoUz.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\AS kal\AS KAL\ProtectC.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\AS kal\AS KAL\hshield\EGRNAPX2.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\Client.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\Colorizer.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\CrashSender1300.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\engine.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\hshield\EGRNAPX2.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\BadCompanY\hshield\version.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\Client.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\CrashSender1300.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\cskill.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\dsound.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\engine.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\extended.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\Main.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\minime.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\ProtectC.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\skype.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\hshield\EGRNAPX2.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal\hshield\version.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\Client.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\CrashSender1300.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\dbghelp.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\dbghelp_.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\dsound.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\EHSvc.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\engine.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\extended.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\Main.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\MFC71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\minime.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\msvcr71.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\ProtectC.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\skype.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\hshield\EGRNAPX2.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\Kalonline zbirka\Hiddenkal - Kopija\hshield\version.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_air_client\releases\0.0.1.47\deploy\LolClient.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_air_client\releases\0.0.1.47\deploy\LolClientSrv.exe (Malware.Packer) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_air_client\releases\0.0.1.47\deploy\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_air_client\releases\0.0.1.47\deploy\Adobe AIR\Versions\1.0\Resources\Template.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.180\deploy\fmodex.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.180\deploy\launcher.maestro.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.180\deploy\rads.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.180\deploy\riotlauncher.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.38\deploy\fmodex.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.38\deploy\launcher.maestro.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.38\deploy\League of Legends.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.38\deploy\PSHUD_1.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.38\deploy\rads.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.43\deploy\fmodex.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.43\deploy\launcher.maestro.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.43\deploy\League of Legends.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.43\deploy\PSHUD_1.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.43\deploy\rads.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.45\deploy\fmodex.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.45\deploy\launcher.maestro.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.45\deploy\League of Legends.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.45\deploy\PSHUD_1.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.45\deploy\rads.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.55\deploy\fmodex.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.55\deploy\launcher.maestro.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.55\deploy\League of Legends.exe (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_game_client\releases\0.0.0.55\deploy\rads.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncherSrv.exe (Malware.Packer) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\projects\lol_launcher\releases\0.0.0.185\deploy\RiotLauncher.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
J:\Igre\League of Legends-kopija\rads\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\fmodex.dll (Virus.Ramnit) -> Poslano v karanteno in uspešno izbrisano.
 
(konec)
 

I'm so sorry... I didn't know that it was gonna be in Slovenian... I will see you tomorrow.



#10 TB-Psychotic


Posted 24 September 2013 - 01:54 PM

Slovenian isn't the problem here...

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.



#11 primoz98


Posted 25 September 2013 - 09:30 AM

Here, I deleted all cracks that I could find.



#12 TB-Psychotic


Posted 25 September 2013 - 10:31 AM

Then please rerun ESET and post up the log. :)



#13 primoz98


Posted 25 September 2013 - 10:33 AM

ESET?

You mean ComboFix?



#14 primoz98


Posted 26 September 2013 - 01:41 AM

You mean NOD 32 ESET or anything else?
~Primoz

#15 TB-Psychotic


Posted 26 September 2013 - 06:34 AM

Sorry, that was my mistake.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.





