Malwarebytes: Came out in Norwegian, Google Translate works on it

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Databaseversjon: v2012.09.01.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zlim :: ZLIM-HP [administrator]
01.09.2012 16:16:56
mbam-log-2012-09-01 (16-16-56).txt
Skanntype: Hurtigsøk
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 196969
Tid tilbakelagt: 3 minutt(er), 41 sekund(er)
Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)
Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)
Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)
Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)
Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)
Mapper oppdaget: 0
(Ingen skadelige objekter funnet)
Filer oppdaget 6
C:\$Recycle.Bin\S-1-5-21-1008104762-4221902305-1862361787-1000\$RWTUJJ3\epicbot_520(1).exe (PUP.BundleOffers.IIQ) -> Satt i karantene og slettet vellykket.
C:\Users\Zlim\Downloads\epicbot_520.exe (PUP.BundleOffers.IIQ) -> Satt i karantene og slettet vellykket.
C:\Windows\Installer\{7ba12d95-5a21-c945-9f55-8c43c32cc061}\n (Rootkit.0Access) -> Satt i karantene og slettet vellykket.
C:\Windows\Installer\{7ba12d95-5a21-c945-9f55-8c43c32cc061}\L\00000008.@ (Trojan.BitMiner) -> Satt i karantene og slettet vellykket.
C:\Windows\Installer\{7ba12d95-5a21-c945-9f55-8c43c32cc061}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Satt i karantene og slettet vellykket.
C:\Windows\Installer\{7ba12d95-5a21-c945-9f55-8c43c32cc061}\U\000000cb.@ (Rootkit.0Access) -> Satt i karantene og slettet vellykket.
(klar)
OTL. in attachment

MBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-01 17:01:22
-----------------------------
17:01:22.493 OS Version: Windows x64 6.1.7601 Service Pack 1
17:01:22.493 Number of processors: 4 586 0x2A07
17:01:22.493 ComputerName: ZLIM-HP UserName: Zlim
17:01:24.642 Initialize success
17:01:24.736 AVAST engine defs: 12090100
17:01:55.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:01:55.000 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
17:01:55.047 Disk 0 MBR read successfully
17:01:55.047 Disk 0 MBR scan
17:01:55.047 Disk 0 Windows 7 default MBR code
17:01:55.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:01:55.093 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 692042 MB offset 409600
17:01:55.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19099 MB offset 1417711616
17:01:55.156 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
17:01:55.187 Disk 0 scanning C:\Windows\system32\drivers
17:02:03.627 Service scanning
17:02:36.574 Modules scanning
17:02:36.590 Disk 0 trace - called modules:
17:02:37.136 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:02:37.136 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ada060]
17:02:37.151 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007859050]
17:02:38.040 AVAST engine scan C:\Windows
17:02:40.677 AVAST engine scan C:\Windows\system32
17:03:28.217 File: C:\Windows\system32\services.exe **INFECTED** Win32:Patched-AKC [Trj]
17:03:47.024 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:03:48.604 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:04:39.571 AVAST engine scan C:\Windows\system32\drivers
17:04:49.917 AVAST engine scan C:\Users\Zlim
17:11:40.604 AVAST engine scan C:\ProgramData
17:13:15.751 Scan finished successfully
17:14:58.119 Disk 0 MBR has been saved successfully to "C:\Users\Zlim\Desktop\MBR.dat"
17:14:58.123 The log file has been saved successfully to "C:\Users\Zlim\Desktop\aswMBR.txt"
17:26:46.081 Disk 0 MBR has been saved successfully to "C:\Users\Zlim\Desktop\MBR.dat"
17:26:46.102 The log file has been saved successfully to "C:\Users\Zlim\Desktop\aswMBR.txt"