Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-02-02
Scan Time: 18:35:59
Logfile: 1mb.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.02.03
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Przemek

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 517276
Time Elapsed: 11 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 5
Virus.Ramnit, C:\Program Files\WinRAR\RarExt.dll, Delete-on-Reboot, [5b50cb4ec4c6c47258af504dde225aa6],
Virus.Ramnit, C:\Program Files\RJ TextEd\rjshell.dll, Delete-on-Reboot, [f3b806137614c86e0106f1ace41cb54b],
Virus.Ramnit, C:\Program Files\Easersoft\ExtremeCopy\XCShellExt.dll, Delete-on-Reboot, [a9029f7a6426db5bc5422a736d9357a9],
Virus.Ramnit, C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll, Delete-on-Reboot, [bbf00e0b3753f54127e01f7e718fcc34],
Virus.Ramnit, C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll, Delete-on-Reboot, [2d7e88916d1dbc7a9c6b1687af5127d9],

Registry Keys: 20
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}, Quarantined, [5b50cb4ec4c6c47258af504dde225aa6],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\CLSID\{C846A4FC-5493-4D15-A7B2-8CE94E06820A}, Quarantined, [f3b806137614c86e0106f1ace41cb54b],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\CLSID\{2D4E0551-33FE-4C58-B1BF-1277B9C511F2}, Quarantined, [a9029f7a6426db5bc5422a736d9357a9],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\CLSID\{F2D1B886-1A6D-482F-BD05-847ABB62C571}, Quarantined, [a9029f7a6426db5bc5422a736d9357a9],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\TYPELIB\{46072945-A3E8-477D-B70F-8B66AA05C7FE}, Quarantined, [812ac752f6943bfbfc0b633ac63a2fd1],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\INTERFACE\{1602C177-01DB-4C7F-963F-D01AD98CD287}, Quarantined, [812ac752f6943bfbfc0b633ac63a2fd1],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\INTERFACE\{64609F30-9552-4FF9-B3B4-E928CA8038A2}, Quarantined, [812ac752f6943bfbfc0b633ac63a2fd1],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\INTERFACE\{71DDF0D4-8AA9-4F69-80D3-031879DA4D2C}, Quarantined, [812ac752f6943bfbfc0b633ac63a2fd1],
Virus.Ramnit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ICCS, Quarantined, [812ac752f6943bfbfc0b633ac63a2fd1],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\TYPELIB\{7EC41441-2247-4DEC-BBFB-9E798627A17B}, Quarantined, [e6c58e8b6b1ffb3b2edaa3fa43bd748c],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\INTERFACE\{A16AB1E1-377D-4DF2-8D8A-C9F283857DDC}, Quarantined, [e6c58e8b6b1ffb3b2edaa3fa43bd748c],
Virus.Ramnit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IDriverT, Quarantined, [e6c58e8b6b1ffb3b2edaa3fa43bd748c],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\TYPELIB\{73C381A8-548C-49F8-8AD3-C845D12D3C22}, Quarantined, [4d5e63b63555a19540c81885fc048878],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\INTERFACE\{4250D219-06C7-4957-AEC3-6DA09B84BA22}, Quarantined, [4d5e63b63555a19540c81885fc048878],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\INTERFACE\{84535BBA-A68E-4839-82CF-2DCCAB12910A}, Quarantined, [4d5e63b63555a19540c81885fc048878],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\INTERFACE\{B78EA491-BC9E-446D-9A46-57C6D9D0FC7A}, Quarantined, [4d5e63b63555a19540c81885fc048878],
Virus.Ramnit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WMPNetworkSvc, Quarantined, [4d5e63b63555a19540c81885fc048878],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [1e8db762a8e2fc3a49da5d9ddc26a65a],
PUP.Optional.StartNow.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StartNow Toolbar, Quarantined, [9d0e1ffa8efc0e2888253fc9cd38b050],
PUP.Optional.StartNow.A, HKU\S-1-5-21-1844237615-1060284298-682003330-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StartNow Toolbar, Quarantined, [a00ba1784a4065d108a59c6c6c999e62],

Registry Values: 8
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{B41DB860-8EE4-11D2-9906-E49FADC173CA}, WinRAR shell extension, Quarantined, [5b50cb4ec4c6c47258af504dde225aa6]
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{C846A4FC-5493-4D15-A7B2-8CE94E06820A}, RJ TextEd, Quarantined, [f3b806137614c86e0106f1ace41cb54b]
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\RJ TEXTED\RJSHELL.DLL, 1, Quarantined, [f3b806137614c86e0106f1ace41cb54b]
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{2D4E0551-33FE-4C58-B1BF-1277B9C511F2}, ExtremeCopy, Quarantined, [a9029f7a6426db5bc5422a736d9357a9]
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{F2D1B886-1A6D-482F-BD05-847ABB62C571}, ExtremeCopy, Quarantined, [a9029f7a6426db5bc5422a736d9357a9]
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\EASERSOFT\EXTREMECOPY\XCSHELLEXT.DLL, 1, Quarantined, [a9029f7a6426db5bc5422a736d9357a9]
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\AMD\DUAL-CORE OPTIMIZER\AMD_DC_OPT.EXE, 1, Quarantined, [fbb033e66a2074c22fd92b7231cfec14]
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|amd_dc_opt, C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe, Quarantined, [fbb033e66a2074c22fd92b7231cfec14]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 11
Virus.Ramnit, C:\Program Files\WinRAR\RarExt.dll, Delete-on-Reboot, [5b50cb4ec4c6c47258af504dde225aa6],
Virus.Ramnit, C:\Program Files\RJ TextEd\rjshell.dll, Delete-on-Reboot, [f3b806137614c86e0106f1ace41cb54b],
Virus.Ramnit, C:\Program Files\Easersoft\ExtremeCopy\XCShellExt.dll, Delete-on-Reboot, [a9029f7a6426db5bc5422a736d9357a9],
Virus.Ramnit, C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll, Delete-on-Reboot, [bbf00e0b3753f54127e01f7e718fcc34],
Virus.Ramnit, C:\Documents and Settings\Przemek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll, Delete-on-Reboot, [2d7e88916d1dbc7a9c6b1687af5127d9],
Virus.Ramnit, C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe, Quarantined, [fbb033e66a2074c22fd92b7231cfec14],
Virus.Ramnit, C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe, Quarantined, [812ac752f6943bfbfc0b633ac63a2fd1],
Virus.Ramnit, C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe, Quarantined, [e6c58e8b6b1ffb3b2edaa3fa43bd748c],
Virus.Ramnit, C:\Program Files\Windows Media Player\wmpnetwk.exe, Quarantined, [4d5e63b63555a19540c81885fc048878],
Spyware.Passwords.XGen, M:\RECYCLER\S-4-7-57-2440425638-2113657511-755132144-4045\uJAkhoTy.exe, Quarantined, [674424f5a7e3cf6741624e2e54ace11f],
Virus.Ramnit, M:\RECYCLER\S-4-7-57-2440425638-2113657511-755132144-4045\uIFvIGoJ.cpl, Quarantined, [a3088198deac51e50bc6c8b9a25e22de],

Physical Sectors: 0
(No malicious items detected)

(end)