Ok, here are the steps I took from this morning:
1) Since forum was down for maybe one hour (i checked it with is it down web site), i deleted all the files under folder
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\
because all the files were 12 MB exe's or 800 MB avis.
2) I think I found source of problem. Because all the files were 20.02.2014 and younger, i looked at my download history, and found that on that day I downloaded via torrent file "system surveillance Pro". I just re-downloaded it again and boom - it has the same size and icon as all these exe files which were in many sub-folders I deleted. Strange is that when you check this (uploaded on virustotal) - no threat. Same as scanning with avast here. But, when you try to execute it, there is error like I described in firs post.
3) Here is the log from malware Bytes Anti Malware:
Malwarebytes Anti-Malware
www.malwarebytes.orgScan Date: 6.4.2014
Scan Time: 12:23:57
Logfile: Malwarebytes Anti log.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.06.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zoran Zivkovic
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306768
Time Elapsed: 22 min, 17 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 6
PUP.Hacktool.Patcher, C:\$Recycle.Bin\S-1-5-21-1924369737-3741230650-190925272-1000\$RYTVMRN.rar, , [c953f92e512a3ef8426cbc493cc426da],
Backdooor.HydraLoader, C:\Users\Zoran Zivkovic\AppData\Local\Temp\tmpBD6F.tmp, , [011b2bfc7308ce68e6ad2b2ffc053cc4],
PUP.Wpakill, C:\Users\Zoran Zivkovic\Downloads\AntiWPA.rar, , [ff1d52d5542777bf47376db4040038c8],
PUP.Optional.LiveSoftAction.A, C:\Users\Zoran Zivkovic\Downloads\LG 32LG3000 user guide provided through pdfretriever.com.exe, , [8498e542f388fb3ba1529182b54c7090],
PUP.Optional.Softonic.A, C:\Users\Zoran Zivkovic\Downloads\SoftonicDownloader_for_borland-database-engine-bde.exe, , [39e3f235c4b7cc6a217b46d27f8222de],
PUP.BundleInstaller.DW, C:\Users\Zoran Zivkovic\Downloads\Windows_7_Loader_Activator_v2.2.exe, , [cc50a780c2b9d16580a3c53819e7728e],
Physical Sectors: 0
(No malicious items detected)
(end)
Ok, what now, should I quarantine everything ?
Regards,
Zoran